BUSINESS  TECHNOLOGY  LEADERSHIP 


RISK 
The  FDA  turns 
to  IT  to  prevent 
another  Vioxx 

Page  56 

OFFSHORING 
Schrage on India’s
changing value prop

Page  36 

PRIVACY 

How  to  turn  stricter 
policies  into  profits 

Page  64 


BY  THOMAS  WAILGUM 


» The Pricing Jungle
» The Carrier Chaos
» The Contract Fog

HOW TO GET MORE
AND SPEND LESS




MARCH 15, 2006 | VOL/19 | NO/11


MID-MARKET: 

THE  EVOLVING  ENTERPRISE 

CLEANING  UP  AFTER  KATRINA  |  74 

The CEO of Oreck Corp. credits quick thinking
by employees (including his VP of IT) for
a speedy recovery from the hurricane. After
all, the systems don’t run themselves.


Enterprise  Risk 
Management 


FOR  RISK  |  56 

it revamps its workflow processes, the
FDA is relying on technology to reduce the
risk that unsafe substances—such as the pain
reliever Vioxx—will get into the market.

By  Allan  Holmes 


Data  Security 

THE  PROFITS  IN  PRIVACY  |  64 

Contrary  to  popular  belief,  protecting  the 
privacy  of  customer  data  and  making  a  profit 
are  not  mutually  exclusive  goals.  Several 
leading  companies  have  accomplished  both. 

By  Allan  Holmes 


Telecommunications 


COVER  STORY 

UNTANGLING  TELECOM:  HOW  TO 
GET  MORE  AND  SPEND  LESS  |  44 

Negotiating for networked telecom services is
now largely the responsibility of CIOs. Fortunately,
help is on the way. By Thomas Wailgum


A  “View  from  the  Top”  interview  by 
Stephanie  Overby 



www.cio.com  |  MARCH  15,  2006  5 


COVER  PHOTO  BY  STEPHEN  WEBSTER 




contents 


(cont.) 


Columns 


Device  Networks 

THE  NETWORK  DANCE  |  27 

Are  you  fast  on  your  feet?  CIOs  will  need  to  polish  their  footwork 
as  networked  devices  begin  to  proliferate. 

Essential  Technology  by  Fred  Hapgood 

IT  Education 

WHAT  CAN  TEAR  US  APART  |  32 

Failing  to  educate  our  youth  for  science  and  technology  careers  and 
disrespecting  our  differences  could  have  dire  consequences  for  the 
unity  of  our  nation.  Keynote  by  Juan  Enriquez 

Outsourcing 

IS  OFFSHORING  CODING  YESTERDAY’S  FAD?  |  36 

Outsourcing  your  code  development  makes  a  lot  less  sense  with  the 
radical  changes  in  the  way  innovators  now  create  software. 

It’s  All  About  the  Execution  by  Michael  Schrage 

Health-Care  IT 

OPENING  A  VIRTUAL  GATEWAY  TO  BETTER  HEALTH  |  40 

This  CIO  swore  he  would  stay  away  from  turnarounds— until  he  was 
offered  the  opportunity  to  revamp  the  way  Massachusetts  residents 
obtain  state  health  services.  It  was  a  challenge  he  couldn’t  resist. 

Peer  to  Peer  by  Louis  Gutierrez 




DEPARTMENTS 


From  the  Editor  |  8 

The Next Wave Is Here | Fundamental shifts in
technology will make it possible for businesses to
realize IT’s promise of technology-enabled innovation,
responsiveness and speed. By Abbie Lundberg

From  the  CEO  |  10 

The  Trials  of  Change  |  When  change  comes,  as  it 
always  does,  some  adapt,  some  resist  and  others 
freeze— how  can  CIOs  thaw  them  out? 

By  Michael  Friedenberg 

Trendlines | 17

Telecommunications  |  After  Deaths,  Mining 
Industry  Digs  for  IT  Fix 

Online  Media  |  The  Censored  Internet 

Desktop  Computing  |  Help  for  Librarians 

Book  Review  |  How  to  Get  a  Job  as  a  CIO 

Open  Source  |  The  Penguin  in  Africa 

Security  |  States  Suggest  Fix  for  What  Ails  DHS 

Washington  Watch  |  Patent  Reform  Too  Late  for 
BlackBerry  Users 

By  the  Numbers  |  Time  in  Training  Often  Wasted 

Index | 82
Endlines  |  84 

The  Good  Worms  |  It’s  not  a  bug;  it’s  a  feature 
By  Scott  Kirsner 

Wh@t's  Hot  Online 

BLOGS:  GET  THE  INSIDE  WORD  from  CIO 
insiders.  Our  newly  redesigned  blogs  section 
includes  our  staff’s  knowledgeable  takes  on: 

» Innovation 

» IT  strategy 

»  Emerging  technology 

» IT  research 

»  Your  peers’  job  moves...and  more 

Read  the  latest  posts  and  join  the  conversation 

at  www.cio.com/blogs. 



FROM  THE  EDITOR 

The  Next 
Wave  Is 
Here 

Fundamental shifts in technology will make it possible for businesses
to realize IT’s promise of technology-enabled innovation,
responsiveness and speed


Business leaders' expectations of IT are growing. Back in 2002 and 2003, CIOs
were primarily expected to control and cut costs—in their own shops and, through IT,
in the rest of the company. In 2004 CEOs at a few leading-edge companies began
asking their CIOs to help grow the top line through new IT-driven business innovations.
Now, in a 2005 IDC survey of CEOs and line-of-business managers, a full 40 percent
felt they needed to be more aggressive in their deployment of IT.

CEOs expect IT to be much more dynamic than it’s been in the past so that the business
can make faster operational changes. The next-generation enterprise is being built
on a fluid and flexible service-oriented architecture (SOA), with a mixed insourced/outsourced,
onshore/offshore staffing model.




It’s employing new technologies to enable speed and agility with greater degrees of
intelligence and automation. This new technology environment is still evolving,
and there are many questions yet to be answered: What’s the best governance
model? How will standards be developed? What are the security issues? What will
licensing models look like? And where will the staff (and the CIOs) with the
necessary skills come from?

SOA puts technology into business terms so businesspeople can develop, reuse and
change services themselves. It enables quicker rollouts at lower cost, providing faster
time to market for new products and services, and thus creates competitive advantage.
While few companies have completed the transition to a full SOA environment, there’s
tremendous momentum in that direction. According to Gartner, by 2008, 80 percent
of software development projects will be based on SOA.

But SOA will mean dramatic change for most CIOs and their departments. SOA
empowers businesspeople to develop their own services, but it still requires CIO leadership
to manage that process. It both enables and demands alignment. And it requires
a different set of skills within IT: object-oriented development, business analysis and
complex service orchestration skills among them. CIOs had better be hiring and/or
building those skills now if they want to meet their bosses’ expectations.

CIO  will  be  covering  this  transition  in  print,  online,  at  our  events  and,  in  our  next 
issue,  through  a  new  collaboration  with  our  sister  publication,  Computerworld.  You’ll 
find  our  existing  collection  of  knowledge  on  SOA  at  www.cio.com/soa. 

Are  you  ready  for  the  next  wave? 


Abbie Lundberg, Editor in Chief
lundberg@cio.com

P.S. For a number of years now, some of our busy readers have been asking us to provide
audio versions of our articles. As one CIO put it, “You need to find a way to insert yourself
into the spare moments in my day.” So a few months ago, we started “CIO to Go”—downloadable
MP3 versions of our features and some of our columns. You’ll find these
with the articles on our website, as well as at www.cio.com/podcasts. Download a few
before your next commute or session on the treadmill, and let me know what you think!




PHOTO  BY  STEVEN  VOTE 



FROM THE CEO

The Trials of Change

When change comes, as it always does, some adapt, some
resist and others freeze—how can CIOs thaw them out?

It's always fascinating to see how companies make decisions to improve their
business and the value they deliver to customers. These can be sweeping changes,
like Konica Minolta’s decision to get out of the camera and film business, Intel moving
from a chip-maker with the slogan “Intel Inside” to an integrator with the motto
“Leap Ahead,” or Nike transforming itself from a sneaker company to an apparel
company. Or they can be subtler changes that set the tone for a new way of doing business:
Starbucks selling music; 2005 CIO Enterprise Value Award Grand Winner GM
launching OnStar (see “Highway to Value,” www.cio.com/021506); Apple releasing
video-enabled iPods. These are all bold moves by companies that looked at their current
landscape and said it was time either to pull the weeds or expand the horizon.

These are risky and difficult decisions that impact the structure and culture of an
organization. And when change comes, people react in one of three ways: One group
will immediately hop aboard, another will fight the change with all their might, and
the third set will freeze like deer in the headlights. These last are talented, thoughtful
people who know the train is leaving but are not sure if they should get on or off. And
they may not understand that another train is never going to come down the track.

As business technology leaders, you know how to manage the first two groups.
Nurture the leaders. Cut bait on the resisters. But what do you do with the last
group? If they stay in no-man’s land too long, they could paralyze your organization.
How much time do you give them? How do you help them to see the opportunity
through the fear, uncertainty and doubt? What leadership and management philosophies
do you have to share?

The one constant in today’s market is change, and people will continue to either
embrace or reject it. I would love to learn how you communicate your company’s
vision and motivate your team to move forward. Please send me your thoughts so
we can continue this dialogue on CIO.com. Because, as the “Monkey Bar Law” goes,
you have to let go at some point in order to move forward.

Michael Friedenberg, President and CEO
mfriedenberg@cio.com

BUSINESS TECHNOLOGY LEADERSHIP

president and ceo Michael Friedenberg
publisher Gary J. Beach


CXO  MEDIA 

CIRCULATION 

svp,  circulation  Carol  A.  Spach 
subscription  svcs.  supervisor  Tina  Pescaro 


CIO  EXECUTIVE  COUNCIL 

general  manager  Mark  Hall 

MANAGING  DIR.,  CONTENT  DEVELOPMENT  Richard  Pastore 

program  director  Shaw  Lively 
dir.,  external  relations  Karen  Fogerty 
director  of  research  Michael  Swenson 
marketing  communications  manager  Jennifer  Baker 
mgr.  of  operations  and  project  mgmt.  Jean  Costello 
dir.,  event  strategy  and  planning  Thomas  Bliss 
vp, development Dexter Siglin
director of relationship management Steve Rovniak
program services managers Michael Fahlsing, Ellen Friedman, Bill Golden, Carrie Mathews, Bill Roche
development managers Ross Chapin, Patrick Clarke, Lauren DeLong, Robert Graham, Andy Kerr, Amanda Neal
operations  coordinator  Darcy  Chamberlain 

EXECUTIVE  PROGRAMS 

vp,  executive  programs  Ellen  Daly 
vp,  conference  mgmt.  Cynthia  Mollus 
director  of  marketing  Mary  Cardwell 

DIRS.,  BUSINESS  DEVELOPMENT 

Chris  Mattoon,  John  Vulopas 

dir.,  event  planning  Amy  Turell 
conference  manager  Judith  Kittredge 
event  planner  Sarah  Yee 
designer  Andrea  Slobogan 
client  relations  associate  Lisa  Byron 
client  services  specialist  Cress  O'Brien 


ONLINE 

general  manager  Rob  O'Regan 
director  of  online  technology  Christopher  Murray 
manager  of  online  production  services  Todd  Borglund 
AUDIENCE  DEVELOPMENT  MANAGER  Judah  Phillips 
ONLINE  PRODUCERS 

Bill  Hall,  Jennifer  McCarthy,  Joe  Nguyen 

online  advertising  specialist  Irina  Gabechiia 

INFORMATION  SYSTEMS 

idg  dir.  of  information  services  Nancy  Newkirk 
infrastructure  manager  James  C.  Burgoyne 
lead  developer  Sean  McCracken 
senior  user  support  specialist  Christopher  A.  Kay 
user  services  specialist  Gloria  Lam 
web  developer  Sanghee  Seo 

PRODUCTION 

vp, manufacturing Chris Cuoco

production  manager  Heidi  Broadiey 
associate  production  manager  Lisa  M.  Stevenson 

MARKETING 

sr. director, marketing comm. Sue Yanovitch
sr. marketing comm. specialist Susan Maloney
marketing  comm,  specialist  Lynn  Holmlund 

RESEARCH 

research  director  Lorraine  Cosgrove  Ware 
research  manager  Carolyn  Johnson 


ADMINISTRATION 

coo  Matt  Smith 

dir.,  finance  Margarita  Chiango 

finance & operations analyst Chris Bernardi
executive  assistant  to  the  president  Diane  Martin 
billing  specialist  Joyce  Gillis 
facilities  specialist  John  Kelley 
office  services  coordinator  Mary  E.  Wooldridge 

HUMAN  RESOURCES 

vp,  human  resources  Patricia  Chisholm 
human  resources  director  Tanya  Bureau 
sr.  hr  representative  Beth  S.  Ramistella 


MEDIA  INC. 


INTERNATIONAL  DATA  GROUP 

board  chairman  Patrick  J.  McGovern 

president,  idg  communications  Bob  Carrigan 




PHOTO  BY  CHRISTOPHER  HARTING 




WHAT  WE  COVER,  WHOM  TO  CONTACT 

CIO  CAREER 



EDITORIAL 

editor  in  chief  Abbie  Lundberg 
managing  editor  David  Rosenbaum 
managing  editor,  production 

Cheryl  R.  Asselin 

EXECUTIVE  EDITORS 

Alison  Bass,  Christopher  Koch 

WASHINGTON  BUREAU  CHIEF 

Allan  Holmes 

TECHNOLOGY  EDITOR 

Christopher  Lindquist 

SENIOR  EDITORS 

Stephanie  Gelston,  Stephanie  Overby, 

Elana  Varon 

SENIOR  WRITERS 

Meridith  Levinson,  Susannah  Patton, 
Thomas  Wailgum,  Ben  Worthen 

CONTRIBUTORS 

Lauren Capotosto, Juan Enriquez, Grant Gross,
Louis Gutierrez, Fred Hapgood, Scott Kirsner,
James Niccolai, Juan Carlos Perez, Michael Schrage

EDITORIAL  ADMINISTRATOR 

Jill  Paquette 

DESIGN 

EXECUTIVE  DIRECTOR,  ART  AND  DESIGN 

Mary  Lester 

art  director  Terri  Haas 

ASSOCIATE  ART  DIRECTORS 

Matthew  Goebel,  Chandra  Tallman 

COPY  TEAM 

copy  chief  Emily  S.  Henderson 

SENIOR  COPY  EDITORS 

Diann  Daniel,  Cathy  Mallen 

EDITORIAL  ASSISTANTS 

Margaret  Locher,  Katherine  Walsh 

EDITORIAL  INTERN 

Christopher  Lynch 

ONLINE  EDITORIAL 

WEB  EXECUTIVE  EDITOR 

Janice  Brand 

WEB  EDITORS 

Todd  Datz,  Sandy  Kendall,  Paul  L.  Kerstein 

online news writer Al Sacco
online  copy  editor  David  Gradijan 

RESEARCH 

RESEARCH  DIRECTOR 

Lorraine  Cosgrove  Ware 

RESEARCH  MANAGER 

Carolyn  Johnson 




©CXO  Media  Inc. 


■  Skills 

■  Job  Specs 

■  Career  Path 

■  Professional  Development 

■  Personal  Development 

Meridith  Levinson,  mlevinson@cio.com 
Stephanie  Gelston,  sgelston@cio.com 

LEADERSHIP  &  MANAGEMENT 

■  Governance  &  Alignment 

■  Budget  Management  &  IT  Value 

■  Business  Process  Redesign 

■  Management  Methodologies 

■  Project  Management 
Elana  Varon,  evaron@cio.com 
Christopher  Koch,  ckoch@cio.com 

SOURCING  AND  STAFFING 

■  Outsourcing/Insourcing 
■ Staffing

■  Vendor  Management 

■  Knowledge  Management 

Stephanie  Overby,  soverby@cio.com 
Stephanie  Gelston,  sgelston@cio.com 

RISK  MANAGEMENT 

■  Security 

■  Privacy 

■  Business  Continuity 

■  Compliance 

Ben  Worthen,  bworthen@cio.com 
Allan Holmes, aholmes@cio.com
Susannah  Patton,  spatton@cio.com 


Applied  Insight 

Christopher  Koch,  ckoch@cio.com 

Book  Reviews 

Elana  Varon,  evaron@cio.com 

By  the  Numbers 

Elana  Varon,  evaron@cio.com 

Endlines 

Alison  Bass,  abass@cio.com 

Essential  Technology 

Christopher  Lindquist,  clindquist@cio.com 

Forum 

Cheryl  Asselin,  casselin@cio.com 

InBox 

Cheryl  Asselin,  casselin@cio.com 

Keynote 

Alison  Bass,  abass@cio.com 


ENTERPRISE 

INFRASTRUCTURE 

■  Enterprise  Architecture,  SOA 

■  Middleware 

■  Enterprise  Resource  Management  (ERP) 

■  Supply  Chain  Management  (SCM) 

■  B2B  Electronic  Commerce 

Christopher  Koch,  ckoch@cio.com 
Ben  Worthen,  bworthen@cio.com 

CUSTOMERS 

■  Customer  Resource  Management  (CRM) 

■  B2C  Electronic  Commerce 

■  Business  Intelligence 

Thomas  Wailgum,  twailgum@cio.com 
Susannah  Patton,  spatton@cio.com 

TECHNOLOGY 

■  Emerging  Technology 

■  Networking  &  Communications 

■  Data  Center 

■  Storage 

■  Hardware 

Christopher  Lindquist,  clindquist@cio.com 
Thomas  Wailgum,  twailgum@cio.com 

HEALTH  CARE 

Alison  Bass,  abass@cio.com 

GOVERNMENT 

Allan  Holmes,  aholmes@cio.com 


Martha  Heller 

Stephanie  Gelston,  sgelston@cio.com 

Michael  Schrage 

Alison  Bass,  abass@cio.com 

On  the  Move 

Meridith Levinson, mlevinson@cio.com

Peer  to  Peer 

Alison  Bass,  abass@cio.com 

Susan  Cramm 

David  Rosenbaum,  drosenbaum@cio.com 

Total  Leadership 

Elana  Varon,  evaron@cio.com 

Trendlines 

Elana  Varon,  evaron@cio.com 

Washington  Watch 

Allan  Holmes,  aholmes@cio.com 
Ben  Worthen,  bworthen@cio.com 


e-mail letters@cio.com • phone 508 872-0080 • fax 508 879-7784
address CIO Magazine, CXO Media Inc., 492 Old Connecticut Path, P.O. Box 9208, Framingham, MA 01701-9208
website www.cio.com
subscriber services 866 354-1125 • Fax 847 564-9453 • E-mail cio@omeda.com
reprint services Jennifer Eclipse • PARS International • 212 221-9595 ext. 237 • E-mail jeclipse@parsintl.com
rights and permission Yadira Pizarro • 212 221-9595 ext. 231 • E-mail yadira@parsintl.com


COLUMN  &  DEPARTMENT  CONTACTS 




trendlines 

EDITED BY ELANA VARON | NEW • HOT • UNEXPECTED


After Deaths, Mining Industry Digs for IT Fix

After four mining accidents in January and early February killed 16 people in West
Virginia, industry experts are studying whether information
technology can help to prevent future fatalities. But there’s little
agreement about which technologies can do the most good.

Investment in mine safety technology has lagged for years,
partly because the government hasn’t pushed for improvements.
Mining regulations instead are focused on training and
accident prevention, says Keith Pauley, CEO of the nonprofit
Mid-Atlantic Technology, Research & Innovation Center
(Matric). “The legislators think that if they prevent an accident,
it’s better than reacting afterward,” he says.

Meanwhile, the mining industry has been “lulled to sleep” by
decreasing accident rates, says R. Larry Grayson, a professor of
mining engineering at the University of Missouri-Rolla. Since
1990, U.S. mine injuries have

Continued on Page 18


The Censored Internet

ONLINE MEDIA Microsoft shut down a Chinese blogger recently because
he discussed the government’s firing of a newspaper editor in Beijing. A few weeks
later, Google announced plans to offer Chinese versions of its search and news
sites that censor material the Chinese government finds offensive, arguing that
censored service is better than nothing.

As the Internet matures into a global medium for both commerce and information,
can these uses coexist? Or must companies trample free speech to do
business in China?

The answer isn’t clear. Microsoft, Google and Yahoo (which has been
accused of providing information to the Chinese government that led to a journalist
being jailed) have asked Congress for help. The three companies want the
U.S. government to redefine free trade to include the free flow of information. An
official government stand against censorship would provide these companies
with a negotiating tool when they are asked to censor their sites abroad.

The State Department is investigating the policy aspects of Internet freedom.
But Rep. Chris Smith (R-N.J.), who heads a House subcommittee on human rights,
says U.S. companies shouldn’t help China deprive people of free speech.

Meanwhile, Microsoft is developing a system to block content that a government
objects to while keeping it available to the rest of the world. Free speech advocates
say this shows Microsoft is aware of its ethical dilemma, but they criticize the
company's proposed solution. - Al Sacco


PHOTO  BY  OWENSBORO  MESSENGER  INQUIRER/AP 




Help  for  Librarians 

desktop  computing  With  children  clonking  on  keyboards, 
patrons  downloading  viruses  and  kleptomaniacs  swiping  mice,  library 
computers  quickly  end  up  in  PC  morgues. 

“When  we  started  offering  Internet  access,  people  would  go  in  and 
change  the  settings  and  reset  the  computer  every  day,”  says  Nancy  Fer¬ 
guson,  library  access  services  manager  at  the  Richmond  Public  Library 
in  California.  “People  just  destroyed  the  computers.” 

That  was  before  Richmond  implemented  DiscoverStation,  offered  by 
Calgary,  Canada-based  Userful.  DiscoverStation  uses  one  Linux  desktop 
to  power  up  to  10  workstations,  leaving  only  monitors,  keyboards, 
floppy  drives  and  mice  subject  to  public  torture. 

Since  its  installation  last  July,  the  multiuser  solution  has  allowed  Rich¬ 
mond  librarians  to  concentrate  on  what  they  do  best— helping  patrons 
find  information.  Prior  to  installation,  a  librarian  spent  up  to  two  hours 
each  morning  deleting  files  people  had  left  on  PCs.  But  DiscoverStation 
clears  personal  information  and  other  modifications  users  have  made 
(including  browser  history  and  cookies)  with  each  logout.  Another  time- 
saver:  Staffers  no  longer  spend  time  installing  firewall  protection  because 
DiscoverStation  features  a  built-in  security  system. 

Other features include Internet filtering (to block pornography, gambling and other sites deemed inappropriate for library use) and open-source software compatible with Microsoft Office. But for Kristin Shoemaker, reference and systems librarian at the Malden Public Library in Massachusetts, DiscoverStation’s biggest draw is its scheduling capability. The library previously used software that was so buggy that staff often resorted to pencil and paper sign-ins to manage user sessions. “People would cross out other people’s names on the grid, or were confused and put their name in the wrong places. Sometimes even fights would break out,” she says.

Shoemaker  purchased  14  workstations,  three  years  of  support,  an 
optional  user  authentication  feature  and  a  printer  for  under  $22,000. 

“If we hadn’t had the DiscoverStations, more than likely we would have gone without,” says Shoemaker. “Gone without adequate antivirus, gone without upgrading at all, and the machines would have gone further and further downhill.” -Lauren Capotosto


declined  by  51  percent  and  fatalities  by  almost 
67  percent,  according  to  the  National  Mining 
Association.  “This  year,  all  of  a  sudden,  has 
turned  that  all  around,”  Grayson  says. 

The mining association has asked Grayson, a former coal mine manager, to head an independent commission on mine safety. Part of the commission’s work will be to examine which technologies could help. Meanwhile, the West Virginia legislature passed a bill requiring wireless communications inside mines. In the Sago mine explosion in Tallmansville, W.Va., where 12 miners died, fire damaged a wireline communications system, leaving the miners without a way to talk to the surface. Most U.S. mines use some type of wireline system, experts say.

Other technologies have potential to improve mine safety by enabling miners to communicate more reliably with rescuers. But even the best options are far from perfect, says Matt Ward, managing director of Varis Mine Technology. Varis makes communications products such as “leaky feeder” cables, which transmit wireless voice, video and data through a cable that can be strung throughout a mine. The cable “leaks” radio signals, acting much like a surface antenna. But, like telephone wires, the cables can be severed in a mine collapse or damaged by fire.

Another technology, ultra-low frequency text-messaging, would enable communication from outside mines without cables or wires. But it works only one way. Anyone on the surface could transmit messages underground, but workers inside the mines could not send messages in return.

Matric has also proposed that mines use a combination of technologies, including sensors to monitor miners’ vital signs and radio frequency identification systems to track vehicles inside mines. Other mining experts suggest using robots to scout out trapped miners, an idea that hasn’t caught on partially because of the high cost.

Grayson  says  the  best  solution  is  a  mix  of 
overlapping  technologies,  but  deploying 
several  different  communications  networks 
can  cost  hundreds  of  thousands  of  dollars 
per  mine. 

-Grant  Gross 




TRENDLINES 




How  to  Get  a  Job  as  a  CIO 

What  IT  executives  learned  on  their  way  up  the  ladder 


BOOK REVIEW | Greg Smith became the CIO of the World Wildlife Fund five years ago at the age of 37. As he climbed the career ladder, he worked as a programmer, a consultant, and a senior IT manager and taught at a local university. In Straight to the Top: Becoming a World-Class CIO, Smith describes what he learned along the way.

His purpose is to advise up-and-coming IT executives about the skills they should have in order to land their first CIO position—among them, experience with project management, outstanding communication skills, expertise in managing vendors and a strategy for working with executive recruiters. The book is partly a review of existing literature on best practices in IT management and partly a forum for Smith and other CIOs to communicate their observations about how to succeed. (Full disclosure: Smith is a member of the CIO Executive Council, a professional community managed by CIO’s publisher, and he has written for this magazine.)

Smith is best when he analyzes his personal experiences. In combing that terrain, he delivers an unusual insight: One of the most valuable career experiences an aspiring CIO can have is to work as a consultant. Consultants, he argues, earn their bread by listening closely to their clients. They develop top-notch communication skills, gain experience in multiple aspects of business and assimilate best practices for system development. It’s good preparation, he thinks, for a job in which success depends on one’s ability to establish strong relationships with business users.

Smith also argues that one key to advancing is to network. But it’s a challenge for technologists who are typically introverts. Smith explains how he does it. He also prescribes golf as a way to build relationships. (He says it saved his sanity by getting him out of the office.) Even aspiring executives need to have fun once in a while. -Elana Varon


Straight to the Top: Becoming a World-Class CIO

By  Gregory  S.  Smith 

John  Wiley  &  Sons,  2006,  $34.95 


The  Penguin  in  Africa 


OPEN SOURCE | Senegal’s state IT agency is turning to open-source software to avoid paying what it sees as prohibitively expensive licensing fees for commercial software.

“We are an underdeveloped country without enough funding for expensive software,” says Tidiane Seck, director of Senegal's Agence De l’Informatique de l’Etat (ADIE) Dakar.

The move has been under way for a little over a year, beginning soon after the formation of ADIE. The agency is charged with developing an IT infrastructure, including a high-speed network and applications for accounting, payroll and other functions, for Senegal's government ministries. ADIE runs Linux on its approximately 100 file, e-mail and directory servers and uses MySQL AB's open-source database. The agency is also deploying ERP5, an enterprise resource planning package from Nexedi, a French software and services company. The ERP software also runs on Linux servers.

Even some big businesses in Senegal do not have the budget to buy ERP software from vendors such as SAP and Oracle, Seck notes.


Nexedi offered French government agencies free training on its software if, in return, the trainee contributed to the software’s development, said Jean-Paul Smets-Solanes, Nexedi’s chief executive.

No French agencies responded, but word of the offer reached Senegal where Mayoro Diagne, a developer with ADIE, took the training course and developed a new budgeting module for ERP5. Senegal, in West Africa, is a former French colony.

The Senegalese IT agency has installed Nexedi’s payroll, accounting and budgeting modules internally where they are used by about a dozen people, Seck says. “What we are doing now is using ourselves as a kind of pilot, and we intend to push other government agencies to use these systems.”

Microsoft had originally sought the ERP contract with the Senegalese agency, according to Diagne. Smets-Solanes said the agency was using a Microsoft Excel application that it had modified internally for its payroll operations.

-James  Niccolai 




States Suggest Fix for What Ails DHS


SECURITY | The U.S. Department of Homeland Security could do a better job of helping state and local governments protect their IT infrastructures from attackers, according to the National Association of State Chief Information Officers (Nascio).

Specifically, DHS should do more to promote its existing IT security programs, best practices and methodologies, as well as tools for risk assessment, operations continuity planning and training, says Denise Moore, chief information technology officer with the state of Kansas.

The recommendations are based on two separate surveys of state and local IT officials, such as CIOs and CSOs, conducted by Nascio and the Metropolitan Information Exchange, an organization for local government IT executives.

The relationship between DHS and IT officials from state and local governments is “detached,” says Moore, who heads Nascio’s information security committee. She suggests that DHS’s National Cyber Security Division do more outreach. In addition, she says, DHS can do better to assess state and local cybersecurity needs, which would boost the likelihood of state and local agencies getting funding increases to protect their systems. Moore also says DHS should focus more on supporting state and local CIOs on matters related to criminal or malicious attacks and on problems caused by internal employees’ “ineptitude” concerning IT security. -Juan Carlos Perez


watch 


Patent  Reform  Too  Late 
For  BlackBerry  Users 

Pharma,  IT  industries  battle  over  proposed  bill 


Rep.  Lamar 
Smith  (R-Texas) 


A Texas congressman plans to reignite his effort to reform how intellectual property disputes are conducted, such as the one being duked out by BlackBerry maker Research In Motion (RIM) and NTP. If the bill sponsored by Rep. Lamar Smith (R-Texas) is enacted, it could protect end users from losing the right to use disputed technologies while a patent infringement case is being adjudicated.

Smith is chairman of the House Judiciary Committee’s Subcommittee on Courts, the Internet and Intellectual Property. His bill constitutes the biggest overhaul of the patent system in more than 50 years.

An early version of the bill proposed eliminating injunctions in patent infringement cases, such as the injunction NTP requested against RIM, which, if granted, would halt BlackBerry service in the United States. The threat of an injunction is typically enough of an incentive to convince an alleged infringer to settle with the company that claims it has been damaged. But RIM has refused to do so.

However, large pharmaceutical companies rely on injunctions to stop competitors from copying drugs still under patent protection. The pharmaceutical lobby helped derail Smith’s bill last summer. Recently, however, Smith held meetings with representatives from both the technology and pharmaceutical industries in an attempt to find common ground. Both groups, for example, are open to changing the current system, which awards patent rights to whoever can prove he invented something, to a system that grants the patent to the first person to register an invention.

Ronald Riley, president of the Professional Inventors Alliance, is against the bill. He says that if Congress eliminates injunctions—often the only legal recourse that small companies and independent inventors have in a patent dispute—then large technology companies will have what amounts to grabbing rights over emerging technologies. He says his group is prepared for a “bloody” fight.

Smith says he is optimistic that he can pass the legislation this year. But patent reform will come too late to help RIM—or BlackBerry users—in the suit with NTP. At press time a judge was considering final arguments for and against NTP’s injunction request.

-Ben  Worthen 




BY  KATHERINE  WALSH 


Time  in  Training 
Often  Wasted 

Highly  paid  workers  most  likely  to 
benefit  from  learning  new  skills 

ONE IN THREE WORKERS thinks the time he spent in his last training session probably would have been better spent elsewhere, according to a survey by Hudson, a staffing and consulting services company. Among these workers, 12 percent think the training was a complete waste of their time.

Although the poll did not ask the 1,674 respondents what their jobs were, Rose Pagliari, an associate director with Hudson’s Learning and Development Group, says the results are relevant to IT workers. “Technology is constantly changing, and for these workers to stay abreast of what’s happening in the market, they need to keep their skills up-to-date,” she says.

Self-improvement was the main reason for participation in training; 68 percent of respondents said they attended training because they thought it would provide useful, job-related information. Another 28 percent said they were told to go. The remaining 3 percent went to training to meet people or to get out of the office.

Pagliari says that for IT training programs to be worthwhile, they need to combine the teaching of new technology skills with education about softer skills, such as business, communication and negotiation, “giving [workers] the ability to become well-rounded businesspeople.”

According  to  the  survey,  employees  with  the  highest  incomes  are  the  most  likely  to 
participate  in  and  benefit  from  training.  However,  lower-income  employees  are  the  most 
likely  to  pursue  future  training  opportunities. 

Pagliari says that companies usually invest more in training for their high-income employees because they are further along in their careers and make a more direct contribution to their company’s bottom line. In addition, she says, higher-income workers—because they already have specialized skills—often get more out of training because it’s more targeted to their needs. But training of lower-paid employees can help companies attract and retain talent.


Train Your Top Earners

Highly paid workers are more likely to get training—and are more likely to benefit from it—than their lower-paid colleagues.

EMPLOYEE ANNUAL SALARY
$100,000 or more      64%    68%
$75,000-$100,000      55%    59%
$60,000-$75,000       61%    68%
$40,000-$60,000       52%    60%
$20,000-$40,000       45%    55%
Less than $20,000     33%    52%

Best Practices:

Match training to jobs. Training should be related to employees’ job requirements and the skills they need to perform their work. Choose a training program that will teach employees skills that are in demand in their profession or that they will utilize within one to two months of taking the class. This is the best way to ensure that employees get the maximum benefit, Pagliari says.

Prepare workers ahead of time. Make sure employees meet any prerequisites for their training and know enough about the subject (including what they want to take away from the course) to actively participate. If the training is not appropriate for employees’ level of expertise, or if they lack enough experience and background knowledge, the training will be a waste of their time and the company's money.

Follow up. It’s hard to tell how effective a training program has been until after the employees have been back on the job for awhile. According to Pagliari, a positive change in an employee’s job performance is the best way to measure success.




ESSENTIAL 


FROM  INCEPTION  TO  IMPLEMENTATION-I.T.  THAT  MATTERS 


Are you fast on your feet? CIOs will need to polish their footwork as networked devices begin to proliferate.


The  Network  Dance 

BY  FRED  HAPGOOD 

DEVICE  NETWORKS  |  CIOs  were  invented  because  the  boundless  promise  of  IT 
generated  an  equally  boundless  swamp  of  confusion  and  technical  perplexity.  Ever  since, 
CIOs  have  been  by  nature  at  least  one  part  geek  and  proud  of  it— although  that  reputation 
sometimes  has  been  a  bit  of  a  handicap  when  navigating  the  corporate  ladder. 

Several events on the horizon, however, suggest that the tone of the job may be changing. For better or worse, CIOs might be turning into people people. If so, their ladder skills might be in line for an upgrade.

Ironically, part of this trend is driven by the fact that networks are being transformed from systems with people at their nodes to systems whose primary role is the interconnection of physical devices, from locks and lights and cameras and motors to vehicles and bar-code readers and on and on. These new architectures are usually called device networks, or, in aggregate, “the Internet of things.”

The attraction driving this reconstruction is the promise of a huge increase in the flexibility and productivity of operations. Security cameras are an example. Today, in most cases, a guard sits at a desk, casually watching a half-dozen monitors—and that’s it. Maybe once a month he sees something worth noting. Network the same feed, however, and sales can use it to assess the effectiveness of floor displays, personnel can monitor employee performance, facilities can watch the progress of cleaning and repair work, and so on. Suddenly, the system is contributing 7/52, if not 24/7. This point can be illustrated equally well with almost any other sensor or actuator, such as keycard readers, vibration sensors on motors, or motion detectors controlling the lighting and heating in bathrooms.


Of course, any CIO worth his reserved parking space will see an underside immediately. Device networking is not new. Twenty years ago people started hooking printers to the Net. What a nightmare that was. All the drivers had to be coded by hand. It took five years to get the technology in shape. Isn’t device networking going to be a thousand times worse? The devices will face the same authentication and security any human user would, plus they will need to be maintained. Given that physical access to a lot of these devices will range from limited right up to impossible, how are those issues going to be handled? Compatibility is sure to be another headache. Devices will come in dozens of kinds, with several manufacturers for each. All these varieties, together with their upgrades, plus all the new devices no one has thought of yet, are going to need to interact seamlessly. The network specs are not even the same: Humans like lots of bandwidth but usually can tolerate reasonable latency; devices generally require very little bandwidth (except for cameras) but do best with low latencies (since they are interacting with machines).

Networks are being transformed from systems with people at their nodes to systems that interconnect physical devices.

Solutions for the Dancing CIO

But the modern startup culture is working quickly, and many initiatives are afoot (see “From Reliable to Convenient,” this page) to automate or simplify these problems. Solutions are already being installed. Recently, Saddle Creek, a logistics provider with warehouses around the country, networked all its bar-code readers (handheld, truck-mounted and wearable), enabling any manager anywhere in the enterprise to monitor the status of the equipment. The company uses technology from Wavelink to monitor device and network performance, download and install patches and upgrades, and control security definitions. Kathy Fulton, manager of technical services at Saddle Creek, calls this “distance management.” “The need for onsite technical support has been taken out of the equation,” she says.

Keep Up Online

Technology Editor Christopher Lindquist scours the best of what's on the Web when it comes to essential technology. Read his blog, TECH LINKLETTER, at www.cio.com

The  New  World  of  CIO  Politics 

Beyond  this  mountain,  however,  lies 
another.  The  essence  of  device  networking 
is  moving  static,  single-constituency  data 
feeds  and  control  loops  across  borders, 
vocabularies  and  cultures,  both  inside  the 
enterprise  and  up  and  down  the  value 
chain.  Changes  like  these  pose  problems  of 
recruitment,  education  and  trust.  These 
problems  are  political,  not  technical. 

Earlier  in  this  decade  the  Iowa  Depart¬ 
ment  of  Transportation  (IDOT)  encountered 
these  issues  when  it  decided  to  renovate 
Interstate  235,  the  freeway  running  through 
the  center  of  Des  Moines.  Highways  have 
been  enthusiastic  users  of  IT  since  the  ’60s, 
when  roadbed  traffic  sensors  started  to  con- 


From  Reliable 
to  Convenient 


New  technologies  usually  go  through  two 
phases.  First,  people  look  for  reliability; 
once  that  is  achieved,  they  buy  convenience. 
Often,  years  separate  these  two  stages. 
Device  networking  is  so  complex  that  it 
requires  the  two  to  develop  in  tandem.  This 
is  one  technology  in  which  convenience  is 
reliability. 

Today  the  first  phase  is  being  attacked 
by  a  number  of  middleware  programs  that 
might  be  thought  of  as  operating  systems 
for  device  networks.  These  address  such 
issues  as  scalability,  connectivity  and  main¬ 
tenance.  (Their  sector  name  is  mesh  com¬ 
puting.)  They  come  in  three  general  flavors: 
proprietary  (MillennialNet,  SensiMesh), 
open-source  (TinyOS)  and  ZigBee,  the  prod¬ 
uct  of  an  industry  consortium  of  the  same 
name  numbering  nearly  200  companies. 
ZigBee  1.0.  which  was  announced  in  June 
2005,  is  optimized  for  allowing  a  large  num¬ 
ber— thousands— of  extremely  low-power 
devices  to  communicate  wirelessly.  Sample 
applications  that  might  run  on  ZigBee 
include  room-by-room  sensing  of  utility  con¬ 
sumption  to  allocate  costs  more  precisely 
and  improve  conservation,  and  use  of  wire¬ 
less  monitors  to  define  security  perimeters 
as  needed. 

Convenience  programs  run  on  top  of 
these  standards.  These  programs,  for 
instance,  might  be  tools  that  sort  devices 
into  functional  groups,  so  that  all  devices 
that  perform  one  type  of  task  can  be 
addressed  with  a  single  command  ("Turn  off 
all  the  valves!"),  or  compression  algorithms 
that  decipher  sensor  data  locally  and  trans¬ 
mit  just  the  necessary  bits,  thus  avoiding  the 
need  to  pump  huge  amounts  of  trash  over 
the  network.  (Especially  useful  in  the  case  of 
cameras.)  Until  recently,  most  user  compa¬ 
nies  wrote  their  own  convenience  programs, 
but  today  vendors  are  beginning  to  enter 
what  appears  to  be  a  growing  market. 

-F.H. 


28 


MARCH  15,  2006  |  www.cio.com 


SOONER  OR  LATER, 
SOMEBODY, 

(PERHAPS  YOU  OR  YOUR  BOARD  OF  DIRECTORS) 

WILL  MAKE  IT 
ABUNDANTLY  CLEAR  THAT 
THE  I.T.  DEPARTMENT’S 
NUMBER  ONE  PRIORITY  IS 
NOT  YOUR  TECHNOLOGY. 


IT’S  YOUR  BUSINESS. 


essential  technology 


trol traffic lights. By the 1970s, highway construction projects routinely incorporated full-fledged star networks, with communications running back and forth between a control core and an ever-expanding list of peripheral devices, including dynamic signage, cameras, weather sensors and electronic toll collection.

All this experience has made highway engineers early adopters in the device networking revolution. Thus IDOT decided to make I-235’s new intelligent transportation system (ITS) into a data-sharing platform that would accommodate the full range of devices and users, both current and potential. In this system, emergency vehicle call centers anywhere would be able to route responding units through the lowest traffic densities using images from surveillance cameras as guides. Citizens, even in other cities, would be able to consult the output of traffic-mapping algorithms. Interfaces would be open and standardized, so new applications could be snapped into place.

IDOT representatives began visiting the potential user groups, explaining the new system and its possibilities. Often they ran into education issues. One 911 center, for instance, said that while the system looked nice, the center was too busy to take on responsibility for managing another data input. The IDOT team members asked if they could come to watch operations. At one point, an IDOT rep noticed that the call handlers routinely ran searches in the data banks of the county assessor’s offices to find photos of the property at the origin address of a call (to be able to tell responding units about building entrances). Michael Jackson, special projects engineer and manager of the project, jumped on the analogy, arguing that IDOT’s system was just like that, only with a traffic situation instead of a building. The center thought it over and today is a happy user of the technology. “You have to get your feet in the door,” Jackson says. “Without putting a guy in there to watch how they did business, we would have had no way of doing that.” (You can admire the final result at www.i235.com.)

Why the CIO Leads

Under device networking, every data feed and control loop becomes a product or service that can be sold, bartered or used to sweeten some other deal. Suppose you have equipment that draws a lot of power but has some flexibility as to when it operates. If the control loop for that equipment is networked, you might be able to interest the local utility in trading a break on energy prices for the right to turn it on when utilization is lowest. Suppose your own product is a machine. If you build networked performance sensors into each one, every day, all the machines you have sold could e-mail you descriptions of their condition.

The  Future  of  the  CIO 

Someone  has  to  be  responsible  for  identi¬ 
fying,  creating,  packaging  and  selling  these 
deals.  In  theory,  it  could  be  anyone,  but 
CIOs  are  probably  the  ideal  candidates 
because  in  most  enterprises  they  will  be 
the  only  managers  who  are  both  network¬ 
centric  and  have  a  holistic  view  of  the  enter¬ 
prise  and  its  value  chain.  Fredrik  Nilsson, 
general  manager  of  network  camera  maker 
Axis  Communications,  points  out  that  we 
already  have  at  least  one  illustration  of  the 
argument:  the  central  role  of  CIOs  in  the 
implementation  of  IP  telephony. 


ZigBee  chipset 
sales  in  2009 
should  exceed 
$220  million 
with  a  com¬ 
pound  growth 
of  116%  from 
2005  to  2010. 

-  West  Technology  Research  Solutions 


As  the  IDOT  story  suggests,  these  imple¬ 
mentations  require  an  appreciation  of 
human  sensitivities.  For  instance,  suppose 
your  company  is  inspired  by  the  example  of 
the  security  cameras.  How  are  you  going  to 
tell  security  that  control  of  “their”  cameras 
is  being  taken  away? 

Nilsson  suggests  putting  it  another  way. 
Instead,  argue  that  since  networked  devices 
tend  to  be  self- maintaining,  device  network¬ 
ing  tends  to  liberate  the  department  tradi¬ 
tionally  responsible  for  maintenance.  Second, 
once  a  device  is  networked,  pressure  starts 
building  from  all  directions  in  the  enterprise 
to  upgrade  the  devices  and  add  to  them. 

In  other  words,  networking  devices  usu¬ 
ally  leads  to  a  larger  system  of  higher  qual¬ 
ity,  which  is  better  for  everyone,  including 
security,  which  will  get  coverage  of  areas 
it  never  had  before.  Nilsson  says  that  usu¬ 
ally  once  such  points  are  made,  even  people 
losing  departmental  control  of  their  devices 
are  happy  to  participate. 

Of  course,  the  proposition  has  to  be  made 
the  right  way.  After  all,  consensus  is  built 
one  yes  at  a  time.  Not  every  CIO  will  be  up 
to  the  level  of  diplomacy  required.  Those 
who  are,  though,  will  be  like  mini-CEOs, 
practicing  the  kinds  of  skills  that  should 
give them a straight shot to the top.


Freelance  Writer  Fred  Hapgood  can  be  reached 
at  hapgood@pobox.com. 




Can  you  shift  your  I.T.  department  from 
managing  technology  to  delivering  bottom-line 
business  results? 

Can  you  equip  them  to  focus  on  business 
outcomes-instead  of  I.T.  outcomes? 

Now  you  can.  And  we  can  help. 


With  Mercury  BTO  Enterprise™  the  first 
software  and  services  suite  that  ensures 
your  I.T.  investments  produce  your  intended 
business  outcomes. 


MERCURY

BUSINESS  TECHNOLOGY  OPTIMIZATION 


c  2006  Mercury  Interactive  Corporation.  All  rights  reserved.  Mercury  Interactive,  the  Mercury  logo,  Mercury,  and  Mercury  BTO 
Interactive  Corporation  in  the  United  States  and  other  countries 


We’d  like  to  prove  it  to  you. 

Go  to  www.mercury.com/bto. 

We’ll  help  you  make  very  sure  that  your 
technology  supports  your  business.  Instead 
of  the  other  way  around. 

INTRODUCING 
MERCURY  BTO  ENTERPRISE 

IT  GOVERNANCE 
APPLICATION  QUALITY 
APPLICATION  PERFORMANCE 
BUSINESS  AVAILABILITY 


Juan  Enriquez  keynote 



What  Can  Tear  Us  Apart 

Failing  to  educate  our  youth  for  science  and  technology  careers  and  disrespecting  our 
differences  could  have  dire  consequences  for  the  unity  of  our  nation 


How many stars do you think will be in the U.S.
flag in 50 years? It is said that CIOs operate in a
cyberworld.  But  changes  in  technology,  language 
and  wealth  can  have  a  real  effect  on  borders.  So 
before  you  answer  the  question  by  saying  “why,  50,  of  course,” 
you  may  wish  to  recall  that  no  U.S.  president  has  been  buried 
under  the  same  flag  he  was  born  under. 

We  oft  take  stability  and  continuity  for  granted  and  thus 
can  make  major  mistakes  in  both  our  personal  and  profes¬ 
sional  lives.  Countries  do  the  same,  and  time  and  again  they 
fall  apart.  Countries  rich  and  poor,  Asian,  African  or  Euro¬ 
pean,  Christian,  Buddhist  or  Muslim  continue  to  split.  The 
United  States— indeed  the  entire  American  continent— have, 
so  far,  been  extraordinary  outliers.  But  the  hemisphere  may 
not  be  immune  to  the  threats  of  techno-balkanization. 

Technology  accelerates  integration  and  fragmentation.  It 
allows  noncontiguous  communities  to  connect  with  each 
other  and  flourish.  The  Internet  and  VoIP  turbocharge  your 
ability  to  communicate  continuously  with  people  no  matter 
what  their  geography.  Alliances  and  allegiances  flourish.  The 
smart  become  ever  more  mobile;  they  know  who  is  doing 
what  where  globally,  and  how  they  can  fit  in.  Technology  can 
leave  many  a  country  and  individual  far  behind. 

Countries  that  do  not  develop  and  attract  smart  people  can 
fall  very  quickly.  But  you  can  also  grow  countries  out  of  noth¬ 
ing.  After  WWII  and  the  Korean  War,  there  was  not  a  lot  left 
standing  in  Taipei  and  Seoul;  Singapore  had  an  income  per 
capita  similar  to  that  of  Ghana.  Today  Taiwan,  Korea  and 
Singapore  are  leaders  in  education  and  technology.  When 
most  of  us  were  in  college,  Ireland  was  not  usually  associated 




ILLUSTRATION  BY  COLIN  JOHNSON 


DATA 


PROTECTION 


TECHNOLOGY 


As  data  protection  and  recovery  grows  in 
business  importance,  companies  are  turning  to 
trusted  outsourcers  to  ensure  their  data  is 
protected  and  available. 


As  news  of  online  fraud  and  data  breaches  hits  the  headlines, 
the  issue  of  data  protection  has  moved  out  of  the  data  center 
and  into  the  executive  suite.  The  reason  is  simple:  these  days, 
how  well  a  company  protects  and  recovers  its  data  could 
directly  affect  the  bottom  line.  According  to  the  Wall  Street 
Journal,  data  breaches  can  cut  about  1  percent  from  the  stock 
price  of  affected  companies.1  But  building  a  data  protection 
strategy  has  grown  in  complexity  as  well  as  importance,  and 
several  trends  highlight  the  new  challenges  that  many  CIOs 
face.  Companies  increasingly  rely  on  technology  to  store  and 
analyze  vital  business  data,  from  customer  contact  informa¬ 
tion  to  financial  records  to  intellectual  property.  That 
increased  reliance  can  also  result  in  vulnerability,  as  data  loss¬ 
es  that  aren’t  quickly  recovered  can  have  disastrous  business 
consequences.  Alarmingly,  much  of  that  data  has  moved 
from  the  safety  of  a  centralized  data  center  to  less-secure 
devices,  such  as  remote  servers  in  regional  offices  or  laptops 
that  are  not  regularly  backed  up.  Moreover,  the  increase  in 
government  regulations  that  mandate  how  companies  store, 
archive  and  secure  particular  types  of  data  further  heightens 
the  challenges  of  data  protection. 

These  business  trends  should  drive  a  wholesale  change  in 
how  business  data  is  protected  and  recovered.  Instead  of  build¬ 
ing  a  disaster  recovery  plan  centered  only  around  the  data  cen¬ 
ter,  companies  must  ensure  that  distributed  data — on  laptops, 
PCs,  and  remote  office  servers — can  also  be  quickly  and  reli¬ 
ably  recovered.  Moreover,  these  plans  must  factor  in  the  strin¬ 
gent  security  and  recoverability  mandated  by  the  new 
regulatory  climate.  The  bottom  line:  CIOs  must  rethink  the 
way  they  protect  and  recover  corporate  data. 

“The changes in the business world are reflected in the new approach that companies are taking to data protection,” says Curtis Preston, vice president of data protection at GlassHouse Technologies in Framingham, Mass. “Instead of just backup, data protection must encompass backup and disaster recovery as well as storage, security and archiving.”

Iron Mountain

Custom Publishing
Advertising Supplement

The  answer  is  to  build  a  strategy  that  both  protects  and 
recovers  data.  An  effective  data  protection  and  recovery  strat¬ 
egy  not  only  restores  data  that  has  been  destroyed,  damaged, 
or  misplaced  but  also  prevents  data  from  falling  into  the 
wrong  hands  and  ensures  that  companies  are  in  compliance 
with  regulations  affecting  their  industries. 

“Businesses need a data protection plan that incorporates all corporate data, from the server to the laptop,” says Brian Babineau, an analyst at Enterprise Strategy Group in Milford, Mass. “And as regulatory compliance comes into play, we’re seeing a convergence of data protection and security—you can’t just protect it by backing it up. You need to secure it so that if it falls into the wrong hands, it can’t be misused.”

The  key  for  any  organization — regardless  of  its  size  or  the 
industry  in  which  it  plays — is  to  implement  a  data  protection 
and  recovery  strategy  that  mitigates  business  risks,  reduces 
costs,  increases  compliance  and  helps  improve  overall  business 
service  levels.  Doing  so  involves  bringing  together  the  business 


1. June 15, 2005 Wall Street Journal.




managers  and  the  CIO  team  to  perform  a  multivariate  cost- 
benefit  analysis  that  assesses  the  value  of  business  data  with  the 
costs  of  downtime  and  non-compliance. 

Faced  with  both  a  high  opportunity  for  failure  and  a  great 
deal  of  risk,  many  companies  are  choosing  outsourced  man¬ 
aged  data  protection  as  the  fastest,  safest  road  to  ensuring  that 
data  is  consistently  protected,  secured,  compliant  and — most 
importantly — quickly  recoverable.  With  such  high  stakes — 
many  companies  live  and  die  on  their  ability  to  access  and  use 
data  24/7 — choosing  the  right  partner  is  a  vital  decision.  Some 
of  the  things  that  should  be  evaluated  include  the  following: 

REPUTATION.  Trust  is  paramount  in  a  relationship  where  so 
much  is  at  risk,  so  look  for  vendors  with  an  excellent  reputation 
and  a  proven  track  record  of  helping  companies  successfully 
recover  their  data  during  regional  or  national  disasters. 

HIGH  ACCESSIBILITY.  Enterprises  need  the  ability  to  restore 
data  themselves,  regardless  of  whether  it’s  in  the  data  center, 
on  a  PC,  or  on  a  remote  server.  Electronic  vaulting,  for  exam¬ 
ple,  offers  a  secure  Web  interface  that  allows  IT  administra¬ 
tors  to  easily  and  quickly  restore  lost  data  themselves — a 
valuable  commodity  in  an  increasingly  mobile  world.  Online 
access  also  allows  companies  to  access  and  manage  media, 
control  authorization  levels,  declare  a  disaster  and  make 
media requests. “Self-service requirements are part of the
consumer environment today,” says Babineau. “They want
the  ability  to  get  people  involved,  but  they  want  the  ability  to 
do  it  on  their  own  when  they  want.” 

MENU  OF  SERVICES.  As  data  protection  and  recovery 
increases  in  scope,  so  too  must  the  services  that  data  protec¬ 
tion  vendors  offer.  These  providers  should  offer  services 
that  complement  each  other  for  a  complete  data  protection 
and  recovery  strategy.  Look  for  the  ability  to  back  up  and 
recover  both  centralized  and  distributed  data,  as  well  as 
encryption  and  digital  archiving. 

DISTRIBUTED  DATA  PROTECTION  SERVICES.  With  critical  data 
increasingly  stored  on  decentralized  sources  such  as  remote 
servers  or  laptops,  data  protection  vendors  must  offer  a 
complete  strategy  to  protect  that  data.  Electronic  vaulting 
offers  services  to  automatically  and  consistently  protect 
data  that  resides  outside  the  data  center,  which  not  only 
ensures  that  backups  are  being  done  to  set  policies,  but  also 
guarantees  recoverability. 


SERVICE  LEVEL  AGREEMENTS.  Vendors  should  be  able  to  tailor 
SLAs  to  the  protection  and  recovery  priorities  of  each  cus¬ 
tomer,  and  offer  a  technology  solution  that  supports  each 
SLA  level.  Tape  is  an  inexpensive  solution  for  low-priority 
data,  for  example.  Electronic  vaulting,  which  backs  up  data 
online  and  offers  on-demand  recovery,  provides  easily  man¬ 
ageable  data  protection  with  recovery  points  and  recovery 
times  that  range  from  a  few  minutes  to  24  hours,  depending 
on  service  level  requirements. 

TOP  EQUIPMENT.  Conduct  due  diligence  to  ensure  that  the  ven¬ 
dor’s  infrastructure  is  everything  you’d  want.  With  electronic 
vaulting,  look  for  best-in-breed  encryption  and  a  fully  manned 
service  operations  center  to  monitor  and  manage  services. 
With  backup  tape  storage,  look  for  high-end  data  centers, 
vaults  with  top-line  security,  gaseous  fire  suppression  systems, 
backup  generators  and  tight  controls  around  temperature, 
humidity  and  static  electricity. 

SECURITY.  Security  covers  two  realms — the  physical  security 
needed  for  facilities,  personnel  and  media  transportation,  as  well 
as  encryption  technologies  for  safeguarding  sensitive  data  in 
transit,  through  electronic  vaulting  and  on  backup  media. 
“There  should  be  reasonable,  repeatable  processes  in  place  to 
make sure that only the right people have access,” says Babineau.

Consistent,  secure  processes  for  handling  and  transporting 
media  from  start  to  finish  that  prove  chain-of-custody.  “Look 
for  vendors  that  properly  handle  and  store  tapes,  from  bar¬ 
code  scanning  for  chain-of-custody  control,  to  the  ability  to 
electronically inventory the vaulted media,” says Preston.

In  the  final  analysis,  implementing  a  comprehensive  data 
protection  and  recovery  plan  requires  an  ongoing  strategy 
rather  than  a  one-off  program.  When  the  stakes  are  nothing 
less  than  business  survival,  data  protection  becomes  a  vital 
business  issue — and  using  trusted  experts  to  safeguard  this 
asset  becomes  the  most  viable  solution.  By  implementing  a 
data  protection  strategy  which  includes  choosing  the  right 
partner  for  data  protection  and  recovery,  CIOs  can  ensure  that 
business  leaders  can  depend  on  the  continuing  availability  and 
integrity of the data engine that drives their organization.

Iron Mountain

For  more  information  on  how  to  implement 
data  protection  and  ensure  recovery,  check  out 
www.ironmountain.com 




The  Eighth  Annual 
CIO  100  Symposium  &  Awards 

Delivering  Innovation  to  the  Enterprise 

CIO  100  Symposium  is  the  premier  place  for  CIOs  to  exchange  ideas  with  their  peers  across 
all  industry  segments  as  noted  thought  mavens  and  recognized  leaders  in  the  CIO  community 
explore  how  to  develop,  implement  and  capitalize  on  innovation  most  effectively. 

Save  the  date. 

August  20  -  22,  2006 

Hotel  Del  Coronado,  Coronado,  California 

For  more  information,  call  800-355-0246 


CIO  100  Symposium  Awards  are  proudly  underwritten  by 


Sybase 


Official  Host  Sponsors 

BlackBerry  i  R  i  s  C

VISUALIZE. INNOVATE. DELIVER!


redhat.


Symantec


Presented  by 


Business  Technology  Leadership 




with  words  like  hardworking,  focused,  high-tech  and  rich. 
Now,  after  attracting  world-class  companies  and  entrepre¬ 
neurs  to  their  country,  Irish  citizens  have  incomes  that  exceed 
those  of  their  former  colonizers  in  Britain.  Given  that  change 
can  occur  so  swiftly,  one  might  want  to  consider  the  conse¬ 
quences  as  fewer  Americans  pursue  careers  in  math,  science 
and  engineering.  Ever  more  leading-edge  science  papers  come 
from  abroad.  Within  a  few  decades,  perhaps  90  percent  of  the 
world’s  scientists  will  live  in  Asia. 

Flags,  borders  and  anthems  are  myths;  they  last  only  as 
long  as  the  next  generation  is  willing  to  believe  in  and  support 
what  you  today  hold  most  dear.  That  is  why  flags  have  bred  so 
promiscuously  in  the  United  Nations.  When  the  organization 
was  founded,  there  were  51  member  states— today  191.  Whether 
to  untie  is  a  daily  debate  in  many  countries  today. 

To  generate  wealth  and  grow,  a  country  must  generate 
knowledge  and  address  internal  divides.  About  one-third  of  the 
United  States’s  PhDs  in  science  and  math  are  awarded  to 
Asians  and  Asian-Americans— only  3  percent  go  to  African- 
Americans  and  Hispanics.  Within  a  few  decades,  40  percent 
of  the  total  U.S.  population  is  likely  to  be  Hispanic  and  African- 
American.  Already  70  percent  of  the  kids  in  the  Los  Angeles 
county  school  district  are  Hispanic.  If  large  segments  of  the 
population  do  not  become  digital-  and  life  science-literate,  the 
engine  of  growth  of  the  economy  could  begin  to  slow  or  stall. 
And  there  could  be  growing  tensions  between  large  ethnic 
islands. 

The  Widening  Geographies  Gap 

There  are  also  regional  divides.  Most  of  the  country’s  wealth 
of  knowledge  is  generated  in  a  few  key  states.  And  within 
these  states,  the  smart  areas  are  concentrated  in  a  few  ZIP 
codes.  In  life  sciences,  for  instance,  92121— the  ZIP  code 
between  the  Salk  Institute,  Scripps  Research  Institute  and 
University  of  California  at  San  Diego— is  a  key  driver  of  growth 
and  innovation.  One  consequence  of  this  concentration  of 
brains  and  research  is  that  a  few  (mostly  blue)  states  pay  a 
great  deal  in  taxes.  And  a  series  of  mostly  red  states  consume 
a  lot  more  federal  funds  than  they  generate.  Globally,  when  one 
begins  to  see  growing  regional  gaps,  one  also  sees  demand 
for  regional  autonomy.  Often  it  is  the  rich,  not  the  repressed, 
ethnically  or  religiously  divided  regions  that  seek  to  untie 
first. 

As  schools  lag  and  regions  fall  behind,  investing  today  to 
reap  tomorrow  is  ever  more  critical.  But  that  is  not  what  we  are 
doing.  The  federal  government  spends  about  $22,000  each 
on  those  over  65  and  $2,000  each  on  people  under  16.  We  are 
investing  more  in  what  was,  instead  of  what  will  be.  It  is  the 
young  who  will  have  to  lead  change  across  a  series  of  emerg¬ 
ing  fields  including  robotics,  nanotechnology,  IT  and  life  sci¬ 
ences  if  the  United  States  is  to  remain  a  preeminent  economy. 
And  yet  many  students  are  failing  tests  in  science  and  math. 



As  teachers  and  researchers  find  it  easier  to  work  in  some 
regions,  many  counties  become  knowledge  irrelevant.  Often 
these  areas  end  up  poor,  isolated  and  angry.  They  begin  to 
resent  change,  open  borders  and  the  tech-rich. 

The  country’s  debt  is  accumulating  at  an  unsustainable 
rate.  We  make  our  kids  pay  for  our  inability  to  finance  our 
own  wars,  infrastructure,  health  and  education.  Eventually 
they  will  pay,  with  interest.  Soon,  if  interest  rates  rise  and 
housing  prices  fall,  we  could  be  faced  with  some  hard  choices, 
and  there  are  few  things  that  stress  families,  companies  and 
countries  more  than  running  out  of  money. 

Ninety  percent  of  the  world's 
scientists  will  live  in  Asia. 

Politicized  religion  adds  fuel  to  an  already  volatile  mix. 
Some  national  leaders  use  television  to  convince  a  large  per¬ 
centage  of  the  population  that  the  political  opposition  repre¬ 
sents  “godless  people.”  The  other  side  retaliates  by  loudly 
proclaiming  the  government  is  populated  by  a  bunch  of  igno¬ 
rant,  dishonest  monsters.  Both  sides  try  to  ban  what  many 
other  citizens  hold  dear.  Some  fear  bans  on  Christmas,  others 
prohibitions  on  stem  cells  and  Darwin. 

To  grasp  the  possible  consequences  of  today’s  divisions, 
imagine  yourself  sitting  in  a  British  Cabinet  meeting  circa 
1900.  Their  flag  and  government  represented  the  world’s  pre¬ 
eminent  empire.  Had  the  Prime  Minister  asked,  “What  do  you 
suppose  the  map  of  our  great  country  will  look  like  circa  1955?” 
one  might  guess  the  consensus  answer  might  have  been  just 
slightly  wrong.  Just  as  occurs  in  some  marriages,  where  the 
spouse  is  the  last  to  find  out,  often  it  is  the  citizens  of  greatest 
powers  that  never  see  a  split  coming. 

So  why  not  ask  the  question:  What  can  we  do  today  to  pre¬ 
vent  untying  tomorrow?  For  starters,  let’s  respond  to  divisive, 
hate-filled  speeches  by  politicians  with  the  question,  “Are  you 
seeking  to  untie  us  from  the  others?”  Why  not  give  parents  of 
kids  under  18  one  proxy  vote  per  child?  Only  then  will  there  be 
a  strong  voting  block  to  counter  growing  gray  power.  It  is  also 
time  to  quit  spending  more  than  we  earn.  And  above  all,  it  is 
time  to  realize  just  how  fragile  countries  can  be. 

Whether  the  United  States  someday  becomes  an  Untied 
States  or  whether  it  ends  up  a  larger,  more  powerful  country 
depends,  to  a  great  extent,  on  what  we  do  today.  How  we  cope 
with  waves  of  technology,  how  we  educate,  what  we  invest  in 
and how we treat each other.


Juan  Enriquez,  CEO  of  Biotechonomy,  is  the  author 
of  The  Untied  States  of  America:  Polarization,  Frac¬ 
turing,  and  Our  Future.  He  is  founding  director  of 
Harvard  Business  School’s  Life  Sciences  Project.  He 
can  be  reached  at  jenriquez@yahoo.com. 


Who was selected as best in BI?


Siebel  Business  Analytics 
Best  Business  Intelligence  Application 

Award  Winner 


Siebel Business Analytics received the most prestigious BI award because unlike
traditional BI vendors, Siebel meets the new business demands of enterprise BI.
Siebel delivers richer, real-time intelligence for everyone across your enterprise.
Working seamlessly with your existing systems and data warehouses, Siebel’s
mission-critical BI architecture supports multi-terabytes of data and thousands of users.
And Siebel's pre-built solutions embed industry-specific best practices that are
flexible, quickly implemented, and deliver low TCO.

To  learn  more,  visit  www.siebel.com/bi 


Siebel 

Business  Analytics 


©2006 Siebel Systems, Inc. All rights reserved. Siebel and the Siebel logo are trademarks of Siebel Systems, Inc. and may be registered in certain
jurisdictions. Siebel was recognized as the winner of the most recent RealWare award from CMP Media's Intelligent Enterprise. RealWare is a registered
trademark of Intelligent Enterprise.


Michael Schrage  IT'S ALL ABOUT THE EXECUTION

Is  Offshoring  Coding 
Yesterday’s  Fad? 

Outsourcing  your  code  development  makes  a  lot  less  sense  with  the  radical  changes  in 
the  way  innovators  now  create  software 


Over  brunch  in  a  cheap  Brooklyn  restaurant,  a 
longtime  MIT  friend  proudly  demonstrated  his 
latest  startup’s  software.  The  idea  is  clever,  and  its 
beta  implementation  is  sweet.  I  liked  it;  usually 
the  stuff  I  see  turns  my  stomach.  So  I’m  pleased  that  Hans 
Peter  Brondmo’s  Web-based  “personal  information  organ¬ 
izer”  has  technical  chops  and  global  business  potential. 

Then  again,  I  usually  pay  close  attention  to  Brondmo’s  dig¬ 
ital  designs.  He’s  not  an  uber-geek  who’d  rather  write  code  than 
chat  up  prospects.  A  reasonably  successful  entrepreneur,  he’s 
a  get-it-done  pragmatist  who  won’t  coddle  programming  prima 
donnas.  He  wants  to  hit  the  market  cheap,  fast  and  hard  with 
products  that  aren’t  hard  to  upgrade  or  maintain. 

So  when  Brondmo  told  me  his  software,  called  Plum,  was 
the  first  time  he’d  done  serious  coding  in  over  a  decade,  I  was 
taken  aback.  “I  couldn’t  believe  how  much  things  have 
changed,”  he  confided.  “When  my  development  teams  wrote 
code  10  years  ago,  it  took  us  three  days  to  find  and  kill  a  bug. 
Today,  it  takes  us  only  three  hours.” 

What’s  more,  he  continued,  whenever  his  (geographically 
distributed)  development  team  runs  into  trouble,  they  can 
usually  instant  message  their  way  into  a  just-in-time  partner¬ 
ship  that  simultaneously  solves  the  problem  while  alerting 
everyone to potential conflicts. “We do better real-time collaborative
development and review now remotely than we did
back  at  MIT  when  we  were  all  in  the  same  building,”  he  notes. 

Brondmo’s  favorite  development  discovery  occurred  when 
he  was  stuck  for  a  few  lines  of  code.  He  realized  that  by  Googling 
he  could  see  if  anyone  anywhere  had  posted  something  he 
could  use.  He  and  his  team  found  quite  a  few  virtual  solutions 


ILLUSTRATION  BY  JON  KRAUSE 


Security  breaches  cost  businesses  billions  each  year. 

(Will  you  be  ready,  or  will  you  be  a  statistic?) 


Symantec™ Gateway Security 5620 Appliance

•  Features  full-inspection  firewall,  antivirus  protection, 
intrusion  prevention  (with  anti-adware  and  anti-spyware 
capabilities),  anti-spam,  intrusion  detection,  URL-based 
content  filtering  with  Dynamic  Document  Review,  IPsec 
and  SSL  VPN  technologies 

•  Tightly  integrated  security  technologies  provide  maximum 
security  effectiveness  and  reduced  acquisition  and 
installation  costs 

•  Single  console  provides  comprehensive  management 
of  all  security  technologies  to  simplify  network  security 
management 


$2899

CDW 830170


Symantec™  Brightmail  AntiSpam™  6.0 

•  Provides  accurate,  effective  and  easy-to- 
manage  protection  against  spam,  e-mail 
fraud,  viruses  and  other  unwanted  e-mail 
at  the  Internet  gateway 

•  Offers  flexible  spam  management,  policy 
assignment  capabilities  and  automated 
filter  updates 

10-24 user license with 1-year Gold Maintenance
$27.15  CDW  681484 


The  Security  Solutions  You  Need  When  You  Need  Them. 

You  know  security  threats  are  growing.  You  know  they're  becoming  more  sophisticated. 
What you don't know is when one will strike, and which one it will be. The key is to solve your
security problems before they become problems. CDW has the top-name security hardware
and  software  as  well  as  the  technology  experts  to  help  you  proactively  improve  your  network 
security.  So  call  today.  Instead  of  hoping  your  network  is  ready,  wouldn't  you  rather  know? 


Activation  pack  and/or  additional  software  necessary  for  installation.  Gold  Maintenance  includes  standard  business  hour  technical  support  (8:00  a.m.  to  8:00  p.m.  CST),  1-year  upgrade 
protection and virus definitions; call your CDW account manager for details. Licensing requires a minimum order of 10 licenses; call your CDW account manager for details. Offer subject
to  CDW's  standard  terms  and  conditions  of  sale  available  at  CDW.com.  ©  2006  CDW  Corporation 


The  Right  Technology.  Right  Away 

CDW.com  •  800.399.4CDW 

In Canada, call 888.898.CDWC • CDW.ca


Michael  Schrage  IT'S  ALL  about  the  execution 


this  way.  “But  what  about  context?”  I  asked.  After  all,  not 
everyone  documents  their  C++  in  English.  He  dismissively 
waved  his  hand:  “Code  is  code.  I  found  something  that  looked 
like  what  I  needed  in  the  middle  of  what  looked  like  a  bunch  of 
Chinese.  You  paste  it  in  and  see  what  happens.  It  worked.” 

The  ultimate  result?  He’s  never  done  a  startup  where  the 
software  development  has  been  better,  faster  or  cheaper.  “In  the 
past,  I’ve  had  to  raise  lots  of  money  to  support  the  burn  rate  and 
the  licenses  necessary  to  develop  real  software  over  a  couple  of 
years;  the  costs  are  huge,”  he  said.  “You  had  to  deal  with  the 
venture  capitalists.  They  had  the  money. 

“Development  cost  is  still  significant,  but  it’s  now  focused  on 
value  creation,  not  infrastructure  development,”  he  added. 
“Open  source  and  the  availability  of  tools  reduce  our  infra¬ 
structure  cost.  We  don’t  have  to  pay  for  expensive  software 
licenses  and  engineers  to  implement  ‘commodity’  functions.  So 
more  money  can  be  focused  on  innovation,  not  plumbing.  We 
do  more  features  faster.  Development  isn’t  really  an  obstacle.” 

Even allowing for hyperbole—perhaps Brondmo’s “three days to three hours” time compression is really closer to “two days to five hours,” we’re still describing at least a fourfold productivity leap. That’s impressive.

Marry that to the evolving array of development-oriented communication, collaboration and search tools spilling into the global digi-sphere, and the serious CIO might want to delay that Bangalore RFP. The new economics of software development may have rendered India and China yesterday’s fad.

Add a Comment

Are you taking advantage of the new economics of software development? Tell us how, by going to the online version of this column at www.cio.com/031506

Plum’s  provenance  may  not  be  typical,  but  there’s  nothing 
extraordinary  about  it  either.  A  savvy  entrepreneur  is  exploit¬ 
ing  technical  innovation  to  cost-effectively  generate  technical 
innovation.  The  stuff  works.  This  is  where  savvy  CIOs  need  to 
sit  up  and  take  notice.  The  implementation  implications  are 
enormous. 

I’m the last person to suggest that busy CIOs should immerse—or, God forbid, reimmerse—themselves in code. But any CIO preaching the gospel of productivity better know if his organization’s methodologies discourage—or invite—healthy experimentation with these nascent development platforms. A CIO should know if he can now consistently get a year’s worth of software development in 90 days. A CIO should know if 75 percent of a project portfolio can go to value-added features instead of infrastructure maintenance. This matters.

Transforming  the  economics  of  software  development 
completely  transforms  the  economic  rationales  for  out¬ 
sourcing.  Reducing  both  the  cost  and  time-to-market  of  new 
features  and  functionality  completely  transforms  a  com¬ 
pany’s  economics  of  innovation.  Ideally,  CIOs  should  “own” 
these  transformations.  Do  you? 




MARCH  15,  2006  |  www.cio.com 


A  fourfold  productivity  leap 
and  better  communication 
tools  could  make  CIOs 
rethink  the  Bangalore  RFP. 

Three  clear  implementation  transformation  scenarios  emerge. 
The  first  scenario  is  the  easiest  and  most  obvious:  These  devel¬ 
opment  economics  create  a  new  generation  of  Salesforce.coms 
and  other  ASPs  that  offer  suites  of  mix-and-match  business 
processes  for  enterprise  consumption.  For  example,  while 
Brondmo  has  given  little  thought  to  Plum  as  an  enterprise 
“knowledge  management”  platform,  it  could  easily  be  adapted 
to  become  one.  With  a  little  goosing,  it  could  become  an  “account 
management”  app  too.  More  choice,  less  money. 

Toward  Value-Added  Innovation 

Scenario  two  has  IT  recommit  to  enterprise  software  devel¬ 
opment.  These  tools  and  technologies  turn  the  internal  eco¬ 
nomic  equations  for  IT  investment  away  from  outsourcing 
and  toward  value-added  innovation.  IT  becomes  a  better,  faster 
and  cheaper  innovation  partner  for  both  key  business  units  and 
core  enterprise  processes.  ERP  systems  are  goosed  and  spruced 
by  customized  Web  apps  instead  of  extended  by  packaged  pro¬ 
curements  like  Siebel  or  PeopleSoft. 

The  third  scenario  has  IT  bypassed  by  ambitious  business 
unit  leaders  who  can’t— or  won’t— wait  for  the  CIO  to  get  his  act 
together.  So  they  pursue  scenario  one  and  scenario  two-type 
behaviors  independent  of  whomever  the  CIO  is  and  whatever 
the  CIO  wants.  Like  the  rise  of  the  software  spreadsheets  more 
than  20  years  ago,  the  rise  of  Plum-like  digital  platforms  and 
processes  proceeds  without  the  need  for  central  approval. 

Scenario-three  CIOs  will  have  a  hard  choice:  Either  be  seen 
as  enablers  and  champions  of  creative  enterprise  interoper¬ 
ability  or  get  used  to  losing  a  lot  of  fights. 

My  personal  belief  is  that  the  variation  IT’s  been  witnessing 
since  2000  will  accelerate:  The  “IT  doesn’t  matter”  crowd  will 
continue  to  manage  and  invest  in  IT  as  a  commodity,  while  the 
“strategic  IT”  companies  will  be  exploiting  these  new  develop¬ 
ment  economics  for  better  and  faster  differentiation,  segmen¬ 
tation  and  innovation.  These  emerging  economics  will  further 
fragment  the  CIO  community.  The  rich  will  get  richer;  the  smart 
smarter;  and  the  not-so-rich  and  not-so-smart  will  find  them¬ 
selves  struggling  to  remain  “fast-followers.” 

When you look at the core economic dynamics driving software development and business competition, it seems painfully clear: There has never been a better time to be a smart CIO at an organization that wants to win.


Michael  Schrage  is  codirector  of  the  MIT  Media 
Lab’s  EMarkets  Initiative.  He  can  be  reached  at 
schrage@media.mit.edu. 


PHOTO  BY  JOHN  SOARES 


Business  Risk 


Technology  Risk 


Internal  Audit 


RISK 

AND  HOW  YOU  CAN  USE  IT  TO  ADD  VALUE  ACROSS 

YOUR  ENTIRE 

INFRASTRUCTURE 


Something  important 
happens  when  you  take 
a  long,  hard  look  at 
your  technology  risks — or, 
perhaps  more  accurately,  when 
you  hire  Protiviti  to  do  so.  You 
start  to  see  not  just  potential 
problems  to  sidestep,  but 
opportunities  to  seize  upon.  Chances  to  better 
protect  your  network  (and  reputation)  from 
security  breaches.  To  protect  mission-critical 
business  systems.  And  to  convert  mundane 
compliance  projects  into  opportunities.  These 


are  certainly  strong  claims  for 
risk  management,  but  we  have 
plenty  of  case  studies  to  back 
them  up.  Like  the  time  we 
helped  a  Fortune  1000  client 
navigate  a  technology  upgrade 
while  capturing  $8  million 
in  IT  savings  annually.  The 
fact  is,  savings  like  these  aren’t  that  hard  to 
come  by.  You  just  have  to  know  where  to  look. 

For more information about the technology (and other) risks your enterprise faces, get a complimentary copy of our U.S. Risk Barometer at protiviti.com/infrastructure.


Know Risk. Know Reward.


©2006 Protiviti. An Equal Opportunity Employer. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services. 0206-9010


Peer  to  Peer 


FIELD-TESTED  IDEAS  FROM  CIOs  FOR  CIOs 


Opening a Virtual Gateway to Better Health


This  CIO  swore  he  would  stay  away  from  turnarounds— until  he  was  offered  the 
opportunity  to  revamp  the  way  Massachusetts  residents  obtain  state  health 
services.  It  was  a  challenge  he  couldn’t  resist. 

BY  LOUIS  GUTIERREZ 


In early January 2003, I received a call from a former colleague, Steve Kadish, who had just been appointed undersecretary of Health and Human Services for the incoming administration of Gov. Mitt Romney in Massachusetts. Steve and I had worked together in Massachusetts government in the mid-’90s, when he oversaw operational services for the state; my role was that of chief information officer for the state. Then from 1999 to 2002, we both worked on the turnaround of Harvard Pilgrim Health Care, an HMO. After that intense experience, I promised myself that I would do no more than one turnaround every 10 years or so!

But  this  promise  was  soon  to  be  broken. 

Steve  was  calling  to  ask  if  I  would  consider  coming  back  to 
state  government  during  a  fiscal  crisis  to  lead  the  IT  operation 
of  the  state’s  Health  and  Human  Services  agency  amid  the 
most  significant  reorganization  in  its  history.  Doing  so  would 
put  me  back  in  the  middle  of  a  significant  “turnaround,”  albeit 
in  a  public-sector  context.  And  it  would  entail  a  jolting  salary 
adjustment  from  the  consulting  work  I  was  engaged  in  at  the 
time.  But  it  was  an  irresistible  challenge  to  me,  because  of 
the  tremendous  opportunities  in  government  to  help  indi¬ 
viduals  and  communities,  using  information  technology. 

What  followed  is  an  adventure  that  resulted  in  something 
many  people  thought  could  not  be  accomplished— a  virtual 
gateway  to  the  17  Health  and  Human  Services  (HHS)  agencies 
in  Massachusetts.  For  decades,  these  agencies  operated  sep¬ 
arately  and  constructed  separate  systems  within  their  own 
fiefdoms.  Each  had  its  own  business  processes  (for  common 
tasks  like  applying  for  benefits  and  eligibility  determination) 
and used different forms to collect similar data. HHS was referred to as “the maze” by human services advocates.

ILLUSTRATION BY HARRY CAMPBELL

EMC
where information lives

Information lives at Toyota Motorsport. With the help of EMC, they raced into Formula 1 contention. A combination of EMC software, services, and systems enabled them to access performance-critical data faster and easier. So now the team can reengineer their car between races. Manage information at 240-plus miles per hour. And continuously improve their car and their results. Learn how EMC can help you turn your information into a competitive advantage. Visit www.EMC.com/ilm.

EMC², EMC, and where information lives are registered trademarks of EMC Corporation. All other trademarks used herein are the property of their respective owners. © 2006 EMC Corporation. All rights reserved.

Less  than  two  months  after  the  start  of  his  administration 
in  2003,  Gov.  Romney  announced  that  as  part  of  his  plan  for 
reorganizing  HHS,  he  was  going  to  build  a  virtual  gateway  to 
eliminate  the  maze  that  providers  and  beneficiaries  had  to 
navigate  to  work  with  HHS— at  the  time  a  $12  billion  leviathan. 
In  his  proposal,  the  core  administrative  functions  of  HHS  (IT, 
HR,  finance)  were  to  be  consolidated,  the  HHS  executive  office 
would  absorb  the  entire  state  Medicaid  program,  and  the  17 
agencies  would  be  grouped  into  four  core  service  areas. 

We spent the first 10 months of 2003 thinking, planning and architecting an IT strategy for HHS. We focused on which business processes were most in need of improvement, and which improvements were most affordable. We singled out intake (filling out applications for benefits), eligibility determination and referral (letting applicants know of related services that may be helpful) as the processes we wanted to streamline and standardize first. Some states have attempted this kind of streamlining by replacing the underlying systems with newer, more comprehensive software. We lacked the money and felt too much time pressure to go in that direction. Instead, we decided to create a common portal to the 17 agencies, connecting the legacy systems with a service bus that would enable business processes to span systems.

Today,  a  single  online  electronic  form  provides  access  to 
the  state’s  Medicaid,  food  stamps,  WIC  (the  nutrition  program 
for  women,  infants  and  children),  subsidized  child  care,  vet¬ 
erans  services,  care  for  the  disabled  and  many  other  HHS 
services.  Hospitals  and  community  health  centers  in  Massa¬ 
chusetts  can  now  check  for  any  preexisting  insurance  coverage 
for  low-income  patients,  and  if  none  exists,  immediately  enter 
Medicaid  application  data  online.  This  more  inclusive  cover¬ 
age  approach  encourages  preventive  care  rather  than  expensive 
emergency  room  care,  and  has  reduced  the  burden  to  the  pub¬ 
lic  of  paying  for  a  large  “uncompensated  care”  population. 

This  was  a  very  complex  undertaking,  executed  in  a  nearly 
impossible  time  frame.  Even  today,  I  wonder:  What  came 
together  to  make  this  happen? 

Just-in-Time  Development 

As with any system design effort, particularly in government, scope creep can put extravagant demands on schedule and resources. After several months of somewhat fruitless attempts to get agreement on the exact dimensions of the gateway, we hit upon a strategy that worked very well: We decided to time the releases of the gateway using a rapid application design technique. Instead of asking “What is the ultimate scope?” and imagining an artificial completion date (with everyone’s wish lists incorporated), we would identify the best set of services we could afford to build during the fiscal year.

We used a J2EE enterprise architecture to link the virtual gateway with the agencies’ legacy systems. We chose to go in the direction of J2EE standards because they offered the greatest scalability and flexibility over the long term. We also chose to adopt a Web-based intake form application Deloitte Consulting had built for Pennsylvania. Deloitte performed the principal virtual gateway integration work, which entailed porting its application to a Java code base, and helping to orchestrate the connection of three existing systems—one using Cobol on the mainframe, another using Oracle on a midrange platform, and the third a SQL Server/.Net system—to an enterprise services bus implemented in BEA WebLogic.

The  Gateway  Goes  Live 

At  11:30  a.m.  on  Aug.  12, 2004,  the  virtual  gateway  release  one 
(for  intake,  eligibility,  and  referrals  for  Medicaid,  food  stamps, 
WIC  and  child  care)  processed  its  first  online  application. 
Since  then,  the  system  has  processed  over  164,000  applica¬ 
tions  and  averages  3,000  applications 
per  week.  The  first  release  cost  less  than 
$8  million,  including  software,  hard¬ 
ware  and  services.  Subsequent  releases 
have  added  intake  for  programs  such 
as  veterans  and  disabilities  services  and 
entirely  different  processes— for  instance,  helping  with  cen¬ 
sus  management  for  homeless  shelters. 

In  December  2005,  an  independent  group  known  as  Com¬ 
munity  Partners  surveyed  health-care  providers  about  the  vir¬ 
tual  gateway.  The  survey  found  that  the  gateway  not  only  made 
the  job  of  frontline  workers  easier  and  significantly  reduced 
the  time  necessary  for  an  eligibility  determination  but  also 
improved  the  experience  of  most  Massachusetts  residents  in 
applying  for  benefits. 

I  can’t  say  enough  about  the  team  that  engaged  in  this  effort.  The 
development  and  operations  teams  worked  virtually  seven  days 
a  week  for  two  months  prior  to  the  launch.  And  they’re  still  going 
the  extra  mile.  People  poured  energy  into  this  project  because 
they  felt  it  mattered.  For  me,  the  project  was  especially  instruc¬ 
tive  as  an  example  of  how  an  open,  standard  framework  allows 
multiple  systems  to  interoperate.  Many  opportunities  of  this  sort 
are  yet  to  be  explored  among  government  agencies.  I  have  recently 
accepted the role of state CIO in hopes of doing so.


Louis  Gutierrez,  recently  CIO  of  the  Massachusetts 
Executive  Office  of  Health  and  Human  Services,  is 
now  CIO  of  the  Commonwealth  of  Massachusetts,  a 
position  he  also  held  from  1996  to  1998.  He  can  be 
reached  at  louis.gutierrez@state.ma.us. 


Instead  of  asking  "What  is  the  ultimate 
scope?"  we  identified  the  best  services 
we  could  afford  to  build. 




COMPLE 

FIN 


NO  LIMITATIONS.  NO  IMITAT 


Business  Intelligence  made  a  promise:  to  make  it  simple  for  everyone  to  use  information  to  make  better 
decisions.  But,  given  your  complex  IT  infrastructure,  the  reality  of  getting  a  single  BI  standard  in  place  across 
the  company  has  been  anything  but  simple.  Until  now. 

Introducing Cognos 8 Business Intelligence, the one solution built to break down the barriers limiting BI’s potential. With a complete web-services based SOA. A simple browser-based interface. A full range of BI capabilities — reporting, analysis, scorecarding, dashboarding and more — all in a single product and on a single architecture. And the BI foundation for companies demanding a simpler path to a complete performance management system.

It’s  everything  BI  promised  to  be.  And  now,  it’s  here. 

To  learn  more  and  to  find  out  where  you  can  preview  Cognos  8,  go  to  cognos.com/simple 


COGNOS  8  BUSINESS  INTELLIGENCE. 



THE  NEXT  LEVEL  OF  PERFORMANCE™ 


Copyright  ©  2006  Cognos  Incorporated.  All  rights  reserved. 


www.cio.com 


Spend  Less 


MIKE  BENSON  WASN'T  looking  forward  to 
negotiating  his  new  telecom  contract.  The  CIO  of 
DirecTV  had  invited  his  existing  provider,  AT&T, 
along  with  rivals  Sprint  and  Verizon,  to  bid  on 
DirecTV's  new  contracts  for  2006.  Benson  wasn’t 
just  negotiating  for  the  satellite  TV  company’s  local 
and  long-distance  communication  needs  but  for 
all  of  its  voice,  data  and  networking  services. 

Not  only  would  he  have  to  untangle  the  telecom 
carriers’  incredibly  complicated  pricing  on  current 
services,  but  he  would  have  to  figure  out  which 
could  offer  the  best  deal  on  new  networking  tech¬ 
nologies  such  as  VoIP  telephony  and  multiprotocol 
label  switching,  or  MPLS.  And  he  knew  that  if  he 
switched  from  AT&T  to  a  different  company,  it  could 
take  up  to  two  years  to  complete  the  transition. 

"[The  carriers]  will  assure  you  the  migration 
will  be  fine,”  Benson  says.  “But  in  reality  something 
will  always  go  wrong.” 

Making  the  right  decision  is  a  big  load  on 
Benson’s  mind.  And  he  is  not  alone.  Now  that 
telecom  and  IT  have  converged  of  late  into  net¬ 
worked  IT  services,  the  responsibility  for  negoti¬ 
ating  and  managing  telecom  contracts  in  an 
increasing  number  of  companies  has  fallen  to  the 
CIO.  And  many  are  not  prepared  for  the  challenge. 
According  to  a  survey  of  IT  execs  enrolled  in  The 
Ohio  State  University’s  CIO  Solutions  Gallery 
program,  telecom  contracts  are  the  source  of 
most  CIOs'  greatest  long-term  strategic  confusion 
and  biggest  all-around  tactical,  day-to-day  admin¬ 
istrative  frustration.  And  they  openly  acknowledge 
it  is  their  sector  of  greatest  ignorance. 

To  make  matters  worse,  the  telecom  arena  has 
never  been  so  chaotic.  Deregulation  has  created 
a  thicket  of  carriers  offering  long-distance,  local, 
wireless  and  networking  services  at  unpredictable 
rates.  These  carriers  use  dozens  of  different  billing 
formats,  and  CIOs  regularly  complain  about  errors 
and  overcharges. 


Negotiating  for 
networked  telecom 
services  is  now  largely 
the  responsibility 


of  CIOs.  Fortunately, 
help  is  on  the  way. 

BY  THOMAS  WAILGUM 


Reader  ROI 

Why  the  telecom 
industry  is  in  flux 

How  you  can  negoti¬ 
ate  fair  contracts  with 
carriers 

What  CIOs  need  to 
know  about  the  future 
of  networked  services 




Cover  Story  |  Telecommunications 


"The  question  becomes,  which  horse  to  ride? 
Go  with  the  blue  chips  or  go  with  the  Vonages?" 


-JAMES  M.  SMITH,  ATTORNEY 


While  the  past  year  has  seen  unprece¬ 
dented  megamergers,  most  notably  the 
marriage  of  SBC  and  AT&T,  these  M&As 
have  done  little  to  clear  up  the  confusion. 
The  costs  to  corporate  America  couldn’t  be 
higher,  in  large  part  because  the  networking 
services  offered  under  the  telecom  umbrella 
are  more  sophisticated— and  more  crucial 
to  enterprises’  day-to-day  operations— than 
ever  before.  “Many  people  think  of  telecom 
as  a  cost,  and  it  is,  but  it  provides  a  function 
we  can’t  live  without,”  says  Lisa  Pierce,  vice 
president  of  telecom  and  networks  at  For¬ 
rester  Research. 

According  to  Aberdeen  Group,  the  aver¬ 
age  Fortune  500  company  spends  $116  mil¬ 
lion  each  year  on  telecom  services  (for 
mid-market  enterprises,  it’s  $26  million). 
According  to  several  telecom  sources,  tele¬ 
com  costs  have  jumped  into  the  top  three 
line  items  for  most  companies.  In  addition, 
up  to  12  percent  of  telecom  service  expenses 
are  erroneous.  Such  errors  result  in  an  esti¬ 
mated  $8  million  a  year  in  lost  profits  per 
company,  according  to  Aberdeen  Group. 

“It’s  not  hyperbole  to  state  that  networks 
and  telecom  are  the  worst  managed  func¬ 
tion  in  IT,”  says  Eric  Goodness,  a  research 
VP  for  managed  and  professional  network 
services  at  Gartner.  “There’s  anarchy  and  a 
total  lack  of  governance.” 

But  a  few  CIOs  have  found  a  path 
through  the  telecom  jungle.  Some  have 
turned  to  third-party  telecom  expense  man¬ 
agement  vendors,  or  TEMs,  that  know  the 
lay  of  the  land  and  can  help  CIOs  through 
contract  negotiations  and  billing  problems. 
Others  are  saving  on  long-distance  telecom 
costs  by  rolling  out  small-scale  VoIP  deploy¬ 
ments.  CIOs  and  analysts  interviewed  for 
this  article  offer  valuable  insights  and  exam¬ 
ples  of  how  they’re  contending  with  the  spi¬ 
raling  costs  of  today’s  telecom. 


If  CIOs  don’t  grab  control  over  their  tele¬ 
com  spend  now,  “they  will  be  behind  the 
eight  ball,”  says  John  Nallin,  the  vice  pres¬ 
ident  at  UPS  in  charge  of  worldwide 
telecommunications.  “The  best  defense  is  a 
good  offense.” 

THE  NEW  TELECOM  LANDSCAPE 

For  nearly  100  years,  there  wasn’t  much 
to  managing  telecom.  AT&T’s  Bell  System 
had  a  monopoly  on  everything,  and  its 
prices  were,  for  the  most  part,  nonnego- 
tiable.  The  breakup  of  AT&T  in  1984  and 
deregulation  of  telecommunications  in  1996 
ushered  in  a  new  era.  Copper  changed  to 
fiber.  Network  capabilities  expanded.  And 
IP  became  the  de  facto  networking  stan¬ 
dard  in  the  Internet  age. 

Along  with  new  choices  came  new  com¬ 
plexities:  dozens  of  telecom  suppliers  offer¬ 
ing  local,  long  distance,  wireless  and 
networking  services  at  various  prices  in  a 
bewildering  array  of  billing  formats.  For 
the  most  part,  though,  the  brand-new  com¬ 
petition  led  to  consistent  reductions  in  tele¬ 
com  spending  every  year. 

Within  the  past  10  years,  however,  the 
telecom  landscape  shifted  once  more,  and 
no  event  was  more  jolting  than  when  the  IT 
department  and  the  telecom  folks  entered 
into  a  sort  of  arranged  marriage.  Because  IT 
ran  data  networks,  and  telecom  carriers 
were  increasingly  providing  network-based 
services  (for  WANs  and  LANs),  and  voice 
could  now  run  over  networks  (VoIP),  all  of 
telecom  was  rolled  under  IT’s  umbrella. 
Networking became even more critical—computers that can’t talk to each other are essentially useless—and CIOs set out to
upgrade  their  network  infrastructures  to 
keep  up. 

For  some  enterprises,  the  process  of 
upgrading  their  networks  has  become  a 


Sisyphean  task.  “It’s  like  painting  the 
George  Washington  Bridge,”  says  UPS’s 
Nallin.  “When  we  get  three-quarters  of  the 
way  down  the  bridge,  and  we  look  back,  we 
know  we’re  going  to  have  to  start  painting 
it  again  when  we  get  done.” 

Carriers  themselves  are  still  operating 
with  legacy  databases  and  networks  that 
were  designed  to  carry  only  basic  telecom 
services.  Today,  telcos  are  still  trying  to 
upgrade  their  systems  to  efficiently  trans¬ 
port  today’s  data,  voice  and  video  offerings 
to  keep  pace  with  new  competitors.  (Veri¬ 
zon,  for  one,  is  spending  $20  billion  on  its 
fiber-optic  overhaul.) 

Threats  to  carriers’  once-protected  rev¬ 
enue  streams  are  everywhere— from  VoIP 
companies  such  as  Skype  and  Vonage  to 
cable  providers  such  as  Comcast  and  Time 
Warner.  And  then  there  are  the  IBMs,  CSCs 
and  EDSs  of  the  world  that  offer  an  out¬ 
sourced  pain  reliever  for  all  CIOs’  telecom 
headaches. 

“There’s  tremendous  confusion  in  the 
marketplace  with  all  of  this  consolidation,” 
says  James  M.  Smith,  a  telecommunications 
attorney  at  Davis  Wright  Tremaine  and  a 
former  telecom  executive.  “For  CIOs,  the 
question becomes, What does the future
bring,  and  which  horse  to  ride?  Go  with  the 
blue  chips  or  go  with  the  Vonages?” 

Even  today,  CIOs  still  fight  the  en¬ 
trenched  executive  view  that  telecom  costs 
should  always  decrease.  What  CEOs  and 
CFOs  don’t  necessarily  understand  is  that 
the  enormous  productivity  and  efficiency 
gains  they’ve  seen  in  their  enterprises  in 
recent  years  have  been  an  outgrowth  of  the 
new  networked  telecom  infrastructure. 
And  their  networks’  bandwidth  needs  will 
only  continue  to  grow,  putting  added  pres¬ 
sure  on  CIOs  to  explain  why  telecom  is  so 
vital  to  the  company’s  future. 




Protecting your networks is not enough. Hackers can get around firewalls by attacking weak applications.
But  Fortify®  strengthens  applications  at  the  source:  the  code  itself.  What's  that  mean  for  you? 

A  little  more  sleep  at  night.  While  the  hackers  go  into  hiding.  Fortify  your  software  today. 


d  Days  from  Now 


A  rival  programmer  from 
your  college  days  hacks 
the  security  code  you 
wrote  for  your  company's 
customer  database. 


from  Now: 


The company notices the breach. As low man on the totem pole and writer of the code, you take the blame, and lose your job.


3  Months  from  Now 


The  hacker  publishes  a  book  on 
how  he  pulled  off  the  great  hack 
The  book  makes  millions. 


4  Months  from  Now: 


The  hacker  is  hired  at  your 
old  company  as  security  chief 
at  20  times  what  you  made. 


5  Months  from  Now: 


You  move  out  of  your  nice 
two-bedroom  condo,  and  back 
to  your  mother's  basement. 
Where  you  spend  many  nights 
plotting  your  revenge. 


Wouldn't  you  rather  know  NOW? 


fortifysoftware.com


Get  your  FREE  security  assessment  today 


© 2006 Fortify Software Inc




To  help  him  navigate  the  telecom  jungle,  JOHN  NALLIN,  VP  of  worldwide  telecom  at 
UPS,  belongs  to  a  consortium  of  companies  that  share  information  on  rates  for  services. 


“The  networks  are  the  veins  of  the  com¬ 
pany,  and  we’re  bandwidth  junkies,”  says 
the  global  network  manager  at  a  worldwide 
manufacturer  of  retail  goods.  “We’re  a  com¬ 
pany  that  lives  and  dies  on  top  of  [the  car¬ 
riers’]  services.” 

THE  DEVIL  IS  IN 
THE  (PRICING)  DETAILS 

The  vexing  challenge  for  CIOs  in  this  new 
era  is  figuring  out  just  how  much  telecom 
rates  should  be,  and  then  negotiating  fair 
deals  with  the  plethora  of  providers  that 
offer  various  networked  services.  Telecom 
contracts,  which  can  contain  hundreds  of 
pages  of  obscure  terminology  and  restric¬ 
tions,  can  confuse  even  the  most  legal- 
minded  CIO.  “Sorting  out  the  legal 
gobbledygook  to  get  a  contract  on  anything 
[related  to  telecom]  takes  as  long  as  it  does 
to  put  the  project  in,”  UPS’s  Nallin  says. 

Prices  can  vary  widely  between  service 
providers,  and  CIOs  have  no  way  of  know¬ 
ing  whether  the  prices  they  are  being 
quoted  by  various  carriers  are  competitive 
or  fair.  “What  becomes  difficult  is  how 
do  you  stay  current  with  the  new  rate  struc¬ 
tures  and  contracting  approaches,”  says 
Tom  Lesica,  senior  vice  president  for  global 
information  technology  and  business  oper¬ 
ations  at  Avaya.  Lesica  just  went  through 
an  RFP  with  the  carriers  that  included  12 
telecom  services.  “It’s  difficult  for  me  or  for 
my  team  to  constantly  go  through  the  day- 
to-day,  week-to-week  fluctuations  [in 
prices],”  he  says. 

One  carrier  tactic  that  muddies  the 
waters  is  called  margin  balancing.  The  tele¬ 
com  carrier  will  give  the  CIO  a  low  rate  on 
an  800-number,  but  not  point  out  that  the 
rate  being  quoted  on  something  else  (such 
as  data  services)  is  actually  40  percent 
above  the  going  rate.  “It’s  difficult  to  know 
the  price  points  that  CIOs  should  be  aiming 
for,”  says  Charlotte  Yates,  CEO  of  Telwares, 
a  company  that  specializes  in  telecom  con¬ 
tract  negotiations  and  maintains  historical 
data  on  carrier  rates.  “You  might  as  well 
have  a  dartboard.” 

PHOTO BY PETER MURPHY

Find tools and guidance to defend your network at microsoft.com/security/IT

Free Tools and Updates: Streamline patch management with automated tools like Windows Server Update Services. And verify that your systems are configured for maximized security with Microsoft Baseline Security Analyzer.

Microsoft Security Assessment Tool: Complete this free, online self-assessment to evaluate your organization's security practices and identify areas for improvement.

Antivirus for Exchange: Download a free trial of Antigen for Exchange and arm your e-mail server with powerful multi-engine protection from viruses, worms, and inappropriate content.

Learning Paths for Security: Take advantage of in-depth online training tools and security expert webcasts organized around your specific needs. Then test your security solutions in virtual labs, all available on TechNet.

Microsoft Corporation. All rights reserved. Microsoft, Antigen, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

VIRUSES AND WORMS WILL BE FLATTENED

MICROSOFT.COM/SECURITY/IT

For guidance, companies used to be able to look to Deal Watch, a compendium of carrier rates published by the Center for Communications Management Information (CCMI). Publication ceased last year because carriers stopped providing specifics—only
wide  ranges  on  services,  such  as  voice  and 
frame  relay,  even  though  the  Federal  Com¬ 
munications  Commission  requires  rate  dis¬ 
closure.  According  to  Bill  Goddard,  product 
manager  at  CCMI,  the  range  of  rates  on 
frame-relay  service,  for  example,  can  run 
anywhere  from  $32  to  $40,180  per  month. 
(To  see  a  comparison  of  AT&T’s  publicly 
disclosed  rate  contracts,  go  to  www.cio.com/ 
031S06).  “They’re  posting  data  publicly,  but 
it’s  absolutely  no  use  to  anyone,”  he  says. 
The  carriers  are  able  to  get  around  the  FCC 
requirement  that  they  must  “publicly  dis¬ 
close”  their  rates  because  that  term  is  so 
unclear.  CCMI  filed  a  formal  complaint 
with  the  FCC,  and  it’s  still  waiting  for  an 
answer.  “The  FCC  has  stuck  its  head  in  the 
sand  and  wrote  a  nebulous  order  and  is  not 
particularly  stringent  about  the  enforce¬ 
ment,”  Goddard  says.  “As  an  end  user  it 
becomes  extremely  difficult  to  determine 
what  the  market  rates  are.” 

Not only can executives no longer get comparative pricing information but in some cases carriers have actually inserted legalese into the contracts to block CIOs from comparing their telecom rates with other CIOs and then bringing those rates to the carriers’ attention during negotiations, according to Yates. CIOs should be alert to such clauses because talking to your colleagues is one of the best means of obtaining comparative pricing data.

CIOs  may  believe  that  the  more  services 
you  purchase  from  one  vendor,  the  lower 
the  rate  it  will  quote  you.  But  experts  say 
that  is  not  so.  Telwares’  data  shows  that 
small  companies  receive  just  as  many  lower- 
priced  deals  as  the  big  boys  do.  Therefore, 
going  with  one  carrier  isn’t  always  the  best 
solution  for  large  enterprises. 

Carriers say that they’re not out to deceive their customers. “It’s possible that I could trick a customer [during contract negotiations],” says John Irwin, vice president and general manager of BellSouth Business, but he says he knows he’ll lose such customers when they figure it out. There’s very little loyalty in telecom to begin with. As for the negotiations, Irwin says his customers rarely pay the “sticker price.” CIOs might not always hit their ideal, Irwin says, “but they’re going to be in spittin’ distance.”

However, Irwin does acknowledge the difficulty of the CIO’s negotiation position. “Probably there’s no foolproof way to make sure that [CIOs] are getting the best deal possible,” he says.

The Telecom Roller Coaster

Here’s a sneak preview of how the industry will shake out in 2006

HISTORICALLY SPEAKING, 2005 will be remembered as a year of massive telecom consolidation. SBC and AT&T merged, as did Sprint and Nextel. Verizon got the government’s go-ahead to buy MCI. Fierce competitors joined up, leaving the big three: AT&T, Sprint and Verizon. It almost seemed like old times. “Five years ago, companies were flooding into this marketplace,” says James M. Smith, a telecommunications attorney at Davis Wright Tremaine and a former telecom executive. “Now, they don’t exist anymore. They’ve been swallowed up by Bell operating companies.” Or they’ve gone out of business.

The impact on the CIO is twofold.

First, CIOs should prepare for service disruptions, increased billing errors and customer service irregularities. Most of the value of a merger comes from integrating the business and operational support systems. The consequence of most M&As is at minimum a two-year period of operational and innovation disruption for enterprises, a Forrester Research report says.

Mark Keiffer, AT&T Business’s chief marketing officer, acknowledges that there’s been a lot of “noise” about the newly merged systems and customer service levels. Keiffer says the new AT&T will honor all existing contracts. (The other carriers have pledged similar arrangements.)

The second issue for CIOs is the all-important economic question: Do fewer competitors mean increased prices? During the late ’90s and into early 2000, a lot of competition meant cheap prices for ATM, frame relay and T1 services. In 2003, a T1 went for $1,800. In 2005, it’s less than $400, says Keith Nissen, a senior analyst at market research company In-Stat. “Now, you don’t have that competition, and what’s happening is that the IT departments are not able to get the price concessions that they had before,” says Nissen. “Prices may be going up a bit.” -T.W.

HOW TO AVOID THE BILLING QUAGMIRE

Because they deal with so many carriers for networked IT services, companies big and small are awash in telecom bills. According to Aberdeen Group, the average mid-market enterprise processes more than 3,000 telecom-related bills per year; for the average Fortune 500 company, it’s 15,000. The cost of just processing these bills (with no auditing for errors) is $9 to $15 per invoice. Conservatively, this equates to an average of $135,000 in processing costs for big companies and $27,000 at midsize companies—and that’s just to keep on top of the volume.

Now think about this: Gartner estimates that up to 14 percent of telecom charges are in error. Finding those errors (think needle in a haystack) and getting the carriers to reimburse your account is arduous. Meta Group says 20 percent of the problem is finding the error; 80 percent is getting the carrier to pay up. Carriers are even imposing a statute of limitations on their customers seeking compensation for billing errors. Basically, if you can’t find the billing error (say a telecom service was ordered but wasn’t installed correctly) within a certain time frame—say, three months—you can’t get that money back from some carriers.

In  order  to  process  an  invoice,  telecom 
analysts  need  to  look  over  each  bill  (some  on 
paper,  some  on  CD-ROM)  and  audit  it 
against  terms  of  the  contracts  as  well  as 
against  tariff  and  service  guidelines,  tax 
charges  and  physical  telecom  inventories 
such  as  the  number  of  circuits.  Every 
month.  A  VP  of  telecom  procurement  at  a 
global  financial  services  company  says  her 
division  alone  receives  7,000  to  8,000  bills 
per  month. 

“And  we  are  one  of  many  divisions,”  says 
the  woman,  who  asked  not  to  be  identified. 
Her  company  has  outsourced,  insourced 
and  outsourced  again  the  billing  and 
expense  management.  Her  group  would 
need  about  20  or  so  full-time  staffers  to 
scrutinize  and  pay  telecom  bills  in-house, 
she  estimates. 

According to TEM vendor Control Point Solutions, simple billing errors can take 60 to 120 days to resolve with carriers. Examples: A special contract price is not applied to a service; circuits or phone lines are taken out of service but never removed from billing; and a company is double-taxed on multistate services.

Complex billing errors can take much longer to resolve. For example, say one company acquires another. The acquiring company must notify the telecom provider and request that the acquired company have all its billing tied to the master service agreement of the acquirer in order to get the same discounts and pricing. It can take up to a year to ensure that all billing and documentation is correct and that the carrier doesn’t slap the acquiree with early cancellation and other commitment penalties, according to Control Point.

For a public company, there are key cutoff dates when accounting needs to report finances for the quarterly statements. If there are outstanding expenses that suppliers haven’t sent the company, accounting folks must estimate that amount. Processing telecom invoices (which come at varying times during the month) along with billing disputes and outstanding credits are huge problems because those can produce significant revenue swings. And CIOs bear the brunt of the finance department’s frustrations.


“I’m getting the tar beaten out of me” by the finance staff, says the global network manager at the worldwide manufacturer of retail goods. “Finance says, ‘Dammit, why can’t you do it month-to-month properly? It’s $200,000 one month; the next month it’s $100,000.’”

HOW  TO  FIGHT  BACK 

Despite  all  the  heartburn,  CIOs  do  have 
some  alternatives  for  restoring  sanity  to 
their  telecom  situation.  Now  is  the  time,  for 
instance,  to  lean  on  the  carrier  relationships 
you’ve  developed  over  the  years.  “The 
merged  companies  don’t  want  to  sit  by  the 
wayside  and  see  their  customers  being 
taken  away  from  them,”  says  UPS’s  Nallin. 

Other IT execs and telecom analysts concur that now is a perfect time to play vendors against each other (as well as the cable companies) in negotiations. The global network manager of the retail goods manufacturer, who asked not to be identified, recently de-installed some carrier services in his U.S. operations and had Time Warner Telecom fulfill them. And that got his previous carriers’ attention.

How to Get the Best Value from Telecom Carriers

Five steps for success in 2006

Prepare for the worst. Plan for the potential negative effects of the recent industry consolidation. Possible impacts include stabilizing prices with the potential for increases, degradation in account support and network hiccups due to network consolidations.

Inspect contracts. Conduct a thorough review of your telecom contracts to identify any deficiencies in pricing, service-level agreements, risk mitigation provisions and contract structure flexibility.

Benchmark deals. Do not neglect the negotiation and procurement process for telecom services. Most companies obtain suboptimal contracts compared with the current market.

Control wireless. Proactively gain control and visibility over your wireless assets. Wireless will continue to be the fastest-growing telecom segment for the foreseeable future, and along with that comes increased expense and increased security risk.

Be flexible. Design your contracts with sufficient flexibility to maneuver and adjust to changes. In addition, you should be sure to include clear commitment adjustment provisions in your contract, whereby you will not be penalized due to unforeseen events (business downturn, changes in technology and so on). Let’s say, for instance, that a CIO is able to migrate some of his phone calls to a private network VoIP solution, which saves some money. But the commitment piece of the previous contract may still be in effect. “What looks like a big IT win, a year or two later, is a big shortfall,” says Charlotte Yates, CEO of Telwares. To eliminate that possibility, Yates advises CIOs to add a “technology change” clause to the contract so that if a CIO does migrate to a new technology he won’t be penalized for the savings. -T.W.

CIOs have to use “the threat of moving away as a tool for leverage,” agrees Jan Dawson, a research director with Ovum. He suggests that CIOs demand an annual review of pricing with each carrier and how those prices benchmark against the carrier’s competitors.

It’s  incumbent  on  CIOs  to  spread  their 
services  to  various  players  to  get  the  best 
deal.  “One  vendor  doesn’t  provide  all  of  the 
services,”  says  UPS’s  Nallin.  “They  just 
can’t  handle  all  of  the  coverage.” 

To help him navigate through the telecom minefield, DirecTV’s Benson retained one of a growing legion of telecom expense management vendors. Benson’s reasoning is simple: “I don’t know what everyone else is paying,” he says. According to a report from Forrester’s Pierce, most TEMs offer provider selection and contract negotiation; onetime and ongoing bill audits and bill verification; inventory cleanup; bill dispute and credit resolution; bill payment; orders, changes and disconnects; and more. Some of the bigger players are Avotus, Control Point Solutions, MBG, ProfitLine and Vercuity (which owns Telwares).

Benson uses Telwares for his up-front contract negotiations. “They know what the going rates are,” he says. Telwares also preps him for the negotiations: who he is likely to negotiate with, who the true decision-maker inside the telecom company is and how that person will react to what he says. He also has used Telwares in the past for some onetime bill audits, though he keeps the back-end bill payment duties in-house.

Like all outsourcing arrangements in a nascent industry, there are danger zones. Forrester’s Pierce calls the growing use of TEM companies a “pit of vipers” because engagements can quickly lead to massive scope creep once the TEM gets inside an enterprise. So first, CIOs need to ask themselves what is the specific telecom problem they are trying to solve. Then craft an RFP around those deliverables and make sure the TEM can realistically fulfill their wants and needs.

Though it seems obvious, CIOs need to check client references from the TEM company, and if a TEM company’s bid is 50 percent less than everybody else’s, CIOs should look to another TEM provider, Gartner’s Goodness says. “A lot of [companies] have had bad experiences with [TEM providers],” he adds. Most bad experiences involve TEMs that overpromised on their capabilities and couldn’t deliver the trumpeted savings.

UPS’s Nallin has met with more than 20 telecom expense management vendors but ultimately declined their services. Instead he belongs to an ad hoc consortium of similarly sized companies that share information and benchmark rates for services “so we know we’re in the ballpark,” he says.

YOUR TELECOM STRATEGY FOR TOMORROW

Once CIOs figure out how to negotiate telecom contracts, they should still expect a steep learning curve with all the new network technologies coming down the pike. It is now up to the CIO and his network managers to figure out how to make VoIP and other cutting-edge technologies work—from a bandwidth, security and financial perspective—and achieve all the hyped savings. As they struggle to do that, CIOs have quickly learned that bandwidth constraint is a major problem. “We’re always battling for bandwidth at different periods of time during each day,” says Nallin. “To manage that is a pain in the butt.”

With all of that network complexity, changing service providers isn’t like switching your long-distance service. (If CIOs decide to part ways early, expect to pay a substantial price to get out of the deal.) “As you move to more IT-based technologies, and you do VoIP and have a lot of applications dependent on the network, it’s more difficult to switch out,” says DirecTV’s Benson, who at press time hadn’t decided which carriers he would go with.

CIOs can turn to a carrier or outsourcer such as EDS or IBM to host the VoIP service. “Hosted telephony puts the responsibility back on the carrier or outsourcer,” Goodness says. He notes that there’s more risk in operating your own network. “If you run the best network in the world, you’re not going to get that much of an attaboy,” he says. “If the network goes down, you’re out of a job.”

For better or worse, carriers are going to play a big role in all CIOs’ futures. It is, therefore, up to each executive to figure out a telecom strategy that maximizes his IT infrastructure’s capabilities, keeps end users happy and doesn’t break the bank. Which is no easy task in 2006. As UPS’s Nallin notes, the CIO’s success with the carriers will depend on whether “the vendor is managing you, or are you managing the vendor?”


Senior  Writer  Thomas  Wailgum  can  be  reached 
at  twailgum@cio.com. 


Compare  Telecom  Rates  and  Services 


To  read  CurrentAnalysis’s  comparison  of  the 
network  services  leaders  and  to  read  an  excerpt 
from  John  Handley's  book,  Telebomb:  The  Truth 
Behind  the  $500  Billion  Telecom  Bust  and 
What  the  Industry  Must  Do  to  Recover,  go  to 
www.cio.com/031506 




Enterprise  Risk  Management 


As it revamps its workflow processes, the FDA is relying on technology to reduce the risk that unsafe substances—such as the pain reliever Vioxx—will get into the market

On Feb. 8, 2001, a U.S. Food and Drug Administration advisory committee met to discuss a study conducted by the pharmaceutical giant Merck that showed a disturbing increase in heart attacks and strokes among patients taking the arthritis pain reliever Vioxx. It appeared that FDA reviewers, before pushing Vioxx through its fast-track approval process in 1999, may have overlooked data from Merck’s clinical trials pointing to potentially fatal reactions to the drug.

Three years later, in September 2004, public pressure and a high-profile lawsuit forced Merck to pull the drug off the market. Meanwhile, the case unleashed a storm of criticism against the FDA’s approval processes, in particular its ability to assess all the information relevant to a specific medication before clearing it for public use. In the past two years, the agency has watched as drugs it approved for multiple sclerosis, diabetes and cholesterol were recalled by pharmaceutical companies. And the FDA has been forced to issue increasing numbers of warnings for newly approved drugs that have turned out to have dangerous side effects, including most recently three drugs for asthma (Advair, Serevent and Foradil), which the FDA warned in November could cause severe asthma attacks and possibly death.

According to a report by the Government Accountability Office, more than 5 percent of all drugs approved between 1997 and 2000 were withdrawn for safety reasons. These withdrawals concerned drugs that got the green light during the period after Congress passed a 1992 law that encouraged faster drug approvals and resulted in a 200 percent increase in the rate of such withdrawals from previous years (the FDA disputes the study). Last November, FDA scientist turned whistle-blower David Graham told a Senate committee that his agency, under pressure to grant fast drug approvals, is “incapable of protecting America against another Vioxx.”

Criticism has been aimed at the FDA’s inability to properly manage the risks inherent in its business processes, but it may as well be targeting the agency’s IT and the workflow the systems support. During the period in the late 1990s when many of the recently problematic drugs were being approved, the agency was under intense pressure from pharmaceutical companies and patients to fast-track potentially lifesaving medications. But it was saddled with decade-old information systems that made it difficult for FDA scientists to access all the information they needed to make decisions quickly. The disconnect between new business processes and old IT magnified the central risk facing the 100-year-old agency: Moving too slowly or too quickly could cause injury or even death.

The  FDA’s  high-wire  act  requires  it  to 
balance  the  demands  of  manufacturers  and 
patients  with  competing  demands  from  the 
general  public  to  make  sure  the  products 
are safe—while maintaining the trust of all
these  constituents.  In  the  past,  the  FDA  has 
hired  more  scientists  and  other  support 
staff  to  keep  it  in  balance,  but,  increasingly, 
FDA  managers  are  concluding  that  IT  has 
a  central  role  to  play  in  managing  the 
agency’s  enterprise  risks.  “This  agency  is  all 
about  risk  management,”  says  acting  CIO 
Fred  Farmer.  “Everything  has  a  side  effect, 
even  an  orange.  And  so  when  a  drug  comes 
through  here,  it’s  always  a  balance  between 
what  good  is  it  going  to  do  versus  what 
harm  could  it  possibly  cause.” 

Neither FDA officials nor agency critics attribute the Vioxx disaster to ineffective IT. But in 2002, as the controversy over the FDA’s fast-track process was building, the agency embarked on a full-scale modernization of the systems used to accept, store and manage electronic applications for new drugs and medical devices.

Most of the FDA’s effort focuses on consolidating redundant systems throughout the agency’s eight “centers”—the divisions responsible for approving products within the agency’s jurisdiction. These products include not only drugs, medical devices and food, but also so-called biologics (such as vaccines), veterinary medicines, cosmetics and radiation-emitting products (such as mobile phones). The agency also conducts food inspections and issues regulations for food labels. Agency officials believe that decreasing the number of systems the agency must maintain and establishing data standards will help scientists share information more quickly and easily. With better access to information, they will make faster decisions based on better analysis.

Already the new systems—and workflow processes that have accompanied them—are showing results, says Stephen Wilson, acting director of the FDA’s Office of Business Process Support in the Center for Drug Evaluation and Research (CDER). For example, the agency can now track a patient’s reactions to a new drug during a clinical trial, increasing the likelihood that adverse effects will be investigated by the FDA. In the past, it could take weeks, if it was possible at all, to locate an individual’s file. “IT allows you to be more comprehensive and to act more quickly, which lowers the risks all the way around,” Wilson says.

A  LEGACY  OF  RISK 

The FDA’s jurisdiction covers nearly every product that Americans ingest or apply to their bodies; its regulations affect 25 percent of the $12 trillion U.S. economy. Therefore, any delay in getting these products to consumers has a financial impact on manufacturers and sellers, as well as on the health and satisfaction of the public.

On the flip side, FDA officials need to conduct scientifically sound reviews in order to understand a product’s adverse effects. But the thoroughness of these reviews can slow down the approval process. Before Congress mandated fast-track drug approvals, reviews averaged about 15 months for high-priority drugs (those like Vioxx believed to have the potential to have an immediate and marked improvement in public health) and more than two years for standard drug applications.

For years, the FDA leaned on its reputation for taking things slowly to
protect public health. But in 1992, after years of complaints from
pharmaceutical companies and the health-care industry that the FDA didn’t
move fast enough, Congress told the agency to put a premium on speed. That
year, lawmakers passed the Prescription Drug User Fee Act so that the FDA
could charge drug companies fees for new drug applications. The agency used
the money to hire more reviewers and to invest more in IT to speed up the
drug approval process. Paper applications for new drugs—stacks of some
reached as high as six feet, brimming with stats from clinical trials—were
part of the problem.

Previously,  top  FDA  managers  had  not 
considered  IT  to  be  a  central  component  to 
balancing  the  competing  imperatives  of 
caution and speed. IT was more of a support
service, and scientists didn’t question
what  the  department  delivered. 

Meanwhile, IT planning or buying decisions
were primarily made by the IT directors
in each of the eight centers. The higher
profile  centers,  such  as  the  CDER,  which 
handles  drug  approvals,  got  more  money 
and  better  equipment.  But  even  still,  the  FDA 
ran  mostly  on  disparate  legacy  systems. 

The  FDA  hasn’t  tracked  how  much  of  the 
$1.5  billion  collected  in  drug  fees  went  to 
improving  IT,  but  after  10  years,  technology 
still  wasn’t  helping  FDA  scientists  with  their 
decision-making  process.  The  agency  wasn’t 
even  keeping  up  with  the  basics.  Former  CIO 
Jim  Rinaldi  recounts  that  when  he  got  to  the 
FDA  in  2002  he  found  1,800  new  PCs  owned 
by the CDER that had been sitting in a
warehouse for nine months, still in their boxes.

In a 2002 survey by the inspector general of the Department of Health and
Human Services, 58 percent of the CDER scientists said they did not have
enough time “to conduct an in-depth, science-based review” for drugs that
were put on the fast track.

Around  the  same  time,  new  approaches 
to  treatment  were  affecting  how  the  FDA 
did  its  job.  The  boundaries  between  drugs, 
biologics, medical devices and other FDA-




MARCH  15,  2006  |  www.cio.com 




Enterprise  Risk  Management 


regulated products were beginning to blur. For example, a stent designed to
keep an artery open is coated with a medication that keeps blood from
clotting. Is it a drug or a medical device? The expertise to review such a
product resides in two separate centers, the CDER and the Center for Devices
and Radiological Health. But they operated on different IT platforms, used
different network technology, ran multiple versions of Oracle databases (with
different data standards and nomenclature) and had their own security
measures. The systems couldn’t communicate, and thus, the scientists couldn’t
create the workflow necessary to do a thorough review of products that fell
into multiple categories.

Under  Rinaldi,  the  agency  spent  the  first 
two  years  of  the  modernization  project 
focused  on  reducing  costs  by  revamping 
the IT organization and its business processes.
In 2003, the FDA created a central
Office of Shared IT Services, consolidating
15 contracts covering such services as help
desk and desktop support. And in March
2004, the IT function was completely reorganized,
so that the CIOs in each center
reported  directly  to  the  FDA  CIO,  giving 
the  agency  CIO  more  control  over  technical 
standards  and  purchasing. 

While these steps did nothing to directly address the FDA’s workflow problem,
Rinaldi (who left the FDA last summer to become CIO at NASA’s Jet Propulsion
Laboratory) realized that consolidation could accomplish more than cutting
costs. It could also mitigate the risks in the approval process that derived
from incompatible systems by enabling new, integrated workflow processes. The
media was hammering the agency about its Vioxx oversight. From his
discussions with the center directors, Rinaldi concluded that the agency’s
legacy of incompatible systems was preventing it from taking full advantage
of technology to reduce review times and provide more efficient access to the
clinical trial data the scientists needed to make decisions on a drug’s
safety.

“We weren’t thinking of risk management explicitly, [but] we were thinking of
it implicitly,” Rinaldi says. “The way we thought about it was, we knew IT
was central to getting the right information to the right person at the right
time. Only later did we start thinking that what we were doing was actually
mitigating risks.”

A MORE EFFICIENT WORKFLOW

The FDA had the foundation of a new workflow in a series of electronic
applications for new product approval that it launched in the 1990s. But the
forms weren’t standard across the agency (manufacturers submitted their data
using only paper forms). Meanwhile, there was no common system to accept and
route the applications to the members of an FDA review team, and no concrete
plans to create an automated workflow.

The Center for Biologics Evaluation and Research (CBER) was one of the most
advanced, in that it accepted electronic applications in PDF form and had the
beginnings of an automated workflow process. Reviewers who worked for the
biologics center could access the applications online, but members of the
review team from other centers had to manually thumb through printouts of the
files to find what they needed. Other centers relied even more heavily on the
old manual processes. “That really slowed things down, and made it more
likely that [reviewers] were getting out-of-date information” from the paper
files they accessed, Rinaldi says.

Given the beating the agency was taking, it was easy to get the center
directors to agree in principle that they needed to automate their workflow
processes in order to take advantage of the electronic application. The risk
mitigation argument carried the day.

“Those  in  the  centers  who  dealt  with 
reviews  every  day  were  the  ones  who  really 
got  risk  management,  and  how  to  make  IT 
a  part  of  it.  It  was  obvious  we  had  to  start 
with  how  work  flows  through  the  centers,” 
recalls  Rinaldi. 

Now came the hard part: devising a workflow that could be used by every
center. Rinaldi could not simply transfer the workflow system from the
biologics center to the drug evaluation center because the biologics center’s
workflow system could not be scaled to handle the drug center’s workload.
Rinaldi knew that if he tried to force the biologics center’s solution onto
the drug center, he risked creating a system that provided less functionality
and that would not be robust enough to cut review times and provide better
information to scientists.

Early in 2003, as the IT department reorganization was proceeding, Rinaldi
and Farmer (who was director of IT programs at the time) convened a meeting
with representatives from the FDA’s centers to begin defining a common
workflow. The group spent the first two hours in “spirited discussion”
pointing out how each center’s workflow processes were unique, recalls
Leonard Wilson, the chief business enterprise architect at CBER, who is
responsible for implementing CBER’s managed review process. At one point,
Wilson recalls, he noticed that each center performed the same tasks—they
just called them different things.

Once  Wilson  pointed  out  the  similarities 
in  the  centers’  processes,  the  next  hour  of 
discussion  focused  on  identifying  the  steps 
in  the  workflow  process  the  centers  had  in 
common. And so on. “We had become inefficient
in many areas because we simply
had  local  language  barriers,”  Wilson  says. 

That  discussion  led  to  two  IT  initiatives: 
the  development  of  a  single  intranet,  based 
on  enterprise  technology  standards,  which 
is currently being rolled out, and the beginnings
of an FDA-wide automated workflow
system,  which  is  still  under  development. 

The  point  of  the  workflow  system  is  to 
give  each  center  the  components  to  create  a 




workflow of its own, but still be able to integrate
them. One component that Wilson is
helping to develop is a standard webpage
for scientific and regulatory reference information.
When it’s completed (it’s now being
prototyped),  a  reviewer  will  be  able  to  select 
the  type  of  product  the  application  is  for,  then 
determine  how  to  proceed  with  the  review. 
Having  this  functionality,  Wilson  says,  will 
make  it  easier  to  train  new  reviewers  because 
the  workflow  process  will  be  simpler  and 
standardized.  That  in  itself  should  enable 
the  FDA  to  conduct  reviews  and  grant 
approvals  more  efficiently,  thereby  giving 
scientists  more  time  to  do  their  analysis 
instead  of  doing  paperwork. 

MANAGING WHAT THEY CAN’T CONTROL

It’s too early to measure the impact of the FDA’s latest investments on its
approval process. When it comes to drug approvals, the FDA has reduced the
median time to review a priority drug from 15 months in 1993 to just under
seven months in 2003, but IT contributed little to those gains. Farmer and
the top managers in charge of workflow processes in the FDA’s centers believe
IT has the potential to shorten the approval time more, while reducing the
risk that they will approve products that have dangerous side effects.

Meanwhile, the act of pulling together managers in each center has led the
FDA to expand its idea of how to manage business risks using IT. Before the
Vioxx fiasco, IT was expected to manage only the risks to its own
operations—to guard against system failure, data loss and security breaches.
The problems with the drug approvals got the agency focused on how technology
could mitigate the risks inherent in its own business processes. The next
step, which the agency is just beginning to assess, is how it can use IT to
address risks to its mission that come from outside its walls.

“This is a very common reaction to managing risks,” says Bob Charette, an
enterprise risk management expert with consultancy Itabhi. “You manage the
risks that you perceive to be in your control, not the ones you perceive are
out of your control.” And yet, good enterprise risk management requires
identifying and deciding what to do about external risks.


Jim Rinaldi, FDA CIO until 2005, concluded that the agency’s incompatible
systems were preventing it from providing scientists with efficient access to
clinical trial data.


For instance, the agency is developing an auditing application, through which
FDA auditors could match the data filed by a pharmaceutical company to the
data the company keeps internally. Such a capability could discourage
pharmaceutical companies from hiding or changing data that may hurt the
chances for a drug to be approved. (In December, The New England Journal of
Medicine posted an online editorial claiming Merck had withheld data on heart
attacks in Vioxx trials that would have raised warnings about the side
effects of the drug.) “What that gives you is more ability to look at all the
information in a more comprehensive fashion and bring forth questions,”
according to the CDER’s Stephen Wilson.

One promising idea, according to pharmaceutical industry experts, is a system
that would track the performance of drugs once they are on the market.
Adverse effects from drugs in a clinical trial may seem statistically
insignificant in a sample of 3,000 people, or the trial may not test for a
particular side effect. But, as was the case with Vioxx, once a drug is on
the market and 80 million people begin taking it, new or more pernicious side
effects become noticeable.

Using  an  automated  system,  the  FDA 
could  more  easily  collect  reports  of  adverse 
effects  from  health-care  professionals  so  that 
warnings could be issued or drugs withdrawn
from the market more quickly. The
idea  for  such  a  system  has  been  discussed  for 
years,  but  it  wasn’t  until  2002  that  Congress 
directed  the  FDA  to  dip  into  the  application 
fees  paid  by  pharmaceutical  companies  to 
develop  it. 

An aftermarket tracking system might also illuminate ways the agency could
improve the drug approval process, says Scott Gottlieb, a physician and
deputy commissioner for medical and scientific affairs at the FDA. At its
most sophisticated, such a system could gather data in real-time from
electronic health records, flag possible correlations between drugs and
adverse effects, and rapidly report those to FDA officials.

Because the system has such potential to mitigate risks beyond the FDA’s
control, Charette thinks the agency should have made it a priority much
earlier. Organizations need to identify the five biggest risks they face and
tackle those first. The biggest risks tend to be systemic ones—risks that
affect the entire organization but are perceived to be out of its control.
“You don’t build security into a system after it’s [done],” Charette notes.
“You build it in on the front end. It’s the same with enterprise risk
management. You consider [risk] when deciding what systems to build and what
business processes to automate.”

Gottlieb agrees that the FDA could have pushed harder, but cites such
obstacles as a fragmented health system (in which there is little automation
of health records), the need to protect patient privacy and a lack of funding
(five years ago, the FDA estimated the system would cost $200 million) as
reasons why the agency has put off this development. Now, however, it is
looking into tapping health insurance databases to search for drug effects
and has begun to research system requirements. Rinaldi says there was no way
he could even begin to convince FDA managers that an aftermarket IT system
could help them until he fixed the atrocious state of IT throughout the
agency. That was a bigger risk to the enterprise, he says, because it
threatened scientists’ ability to do their jobs quickly and thoroughly on
every review.

Says  the  CDER’s  Stephen  Wilson,  “We’re 
just  beginning  to  look  over  the  hill  now  to 
see what is possible.”


Washington  Bureau  Chief  Allan  Holmes  can  be 
reached  at  aholmes@cio.com. 




Data  Security 


Contrary to popular belief, protecting the privacy of customer data and
making a profit are not mutually exclusive goals. Several leading companies
have accomplished both.

BY ALLAN HOLMES

Reader ROI

:: Why establishing strict privacy controls over customer data is good
business

:: How to manage the trade-off between protecting sensitive data and
exploiting it

:: Which companies have emerged as privacy pioneers

Last year, CartManager International, a provider of online shopping cart and
checkout software, sold personal information on 1 million customers to a
third party for $9,000. The data included names, credit card numbers, phone
numbers and dollar amounts of purchases. Not only were those customers not
CartManager’s to begin with but selling their information violated the
privacy policies of many of the merchants from which CartManager had obtained
the information.

It was not a wise move.

Angry customers (who had been solicited by the company that bought their
personal data) complained to the merchants that used CartManager on their
websites. The merchants, in turn, complained to the Federal Trade Commission,
claiming CartManager had violated their privacy policies. “It’s simple,”
reads a privacy policy on a website operated by one merchant using
CartManager. “We don’t sell, trade, or lend any information on our customers
or visitors to anyone.” The FTC charged CartManager with an unfair practice
and levied a fine of $9,000—equal to the amount the company had received from
selling the information.

The  size  of  the  monetary  penalty  should  fool  no  one.  The  real  damage  has 
been  to  CartManager’s  reputation.  “This  happened  almost  a  year  ago,  and  it  still 
hangs  out  there  in  articles,”  laments  Justin  Hill,  head  of  sales  for  CartManager.  “It’s 
hard  for  it  to  go  away.” 

Truer  words  were  never  spoken.  The  issue  of  data  privacy  is  not  going  away 
for any business or organization that stores, uses or sells personal data on
customers or members. Recent publicity about personal data stolen or hacked from
Bank  of  America  and  ChoicePoint  has  only  heightened  the  public’s  concern  over 
the  security  and  privacy  of  information  they  provide  to  businesses. 

This  mounting  concern  is  now  affecting  the  future  of  online  e-commerce.  Even 
online banking—until this year the fastest-growing segment of online activity
since 2000—is not immune. The percentage of Americans using online banking
services  has  stalled  at  39  percent  after  a  period  of  blistering  growth,  according  to 
an  August  2005  survey  conducted  by  the  market  research  firm  Ipsos  Group.  The 
primary  reason:  73  percent  of  consumers  say  they  are  avoiding  online  banking 
because  they  are  concerned  that  banks  do  a  poor  job  of  protecting  their  privacy, 
including  selling  personal  information  to  other  businesses,  Ipsos  reports. 


Charles Giordano, associate director of privacy marketing strategy at Bell
Canada, works closely with the marketing managers to make sure the telco's
privacy policy is adhered to.


Although e-commerce is still increasing (holiday online shopping
increased by 30 percent last year), 54 percent of consumers
said  they  have  curtailed  online  shopping  because  of  privacy  fears, 
according  to  a  2005  survey  conducted  by  Javelin  Strategy  & 
Research.  That  concern  translates  into  a  loss  of  $5.5  billion  of 
annual  online  revenue,  Javelin  reported. 

Faced  with  this  backlash,  state  and  federal  regulatory  agencies 
are  beginning  to  respond.  California  has  already  passed  strong 
privacy  legislation  that  requires  financial  institutions  to  obtain 
permission  from  customers  before  sharing  personal  information 
with  nonaffiliated  companies.  Another  California  law  requires 
other businesses to report to customers if they share personal information
with nonaffiliated companies. Twenty-one states have
passed laws that require companies to contact customers if a security
breach occurs. On a national level, more than a dozen data
security bills have been introduced in Congress this year. They
vary in severity, the strictest requiring all companies to notify consumers
whenever there is a data breach and give those consumers
the  ability  to  see  and  correct  information  collected  about  them. 
Experts  say  some  kind  of  legislation  on  data  security  and  privacy 
will  almost  certainly  be  passed  this  year. 

“There  will  be  legislation  to  tighten  up  privacy,”  says  Chris 
Hoofnagle,  senior  counsel  for  the  Electronic  Privacy  Information 
Center.  “And  if  not  legislation,  there  will  be  more  regulation.” 

Government intervention aside, many experts argue that carefully thought-out
privacy controls make good business sense. Larry Ponemon, the founder and
chairman of the Ponemon Institute, has some evidence to back up that
assertion. He measured “privacy trust scores” for more than 1,000 companies
by asking customers to rank on a scale of one to five how much they trust the
companies with which they do business. For each company, Ponemon asked
consumers more than 20 questions, including how much they believe the company
is committed to protecting their personal information, how accurate and
trustworthy they believe the information in the company’s privacy policy is,
and if they believe the company would do the right thing in a case of a data
breach. From the rankings, Ponemon calculated weighted privacy trust scores
for each company. The higher the score, the more consumers trusted a company.
Ponemon then measured the rate at which consumers responded to marketing
campaigns, be it direct mail or Web advertising. The higher the privacy
score, the higher the response rate to marketing campaigns—and the higher the
company’s revenue. Taking measurements over time, Ponemon determined that
just a 1 percent increase in a privacy trust score would translate into an
increase of tens of millions of dollars in revenue.

“The  perception  of  how  well  a  company  manages  privacy  has 
quite  an  astounding  impact  on  sales,”  Ponemon  says. 

PHOTO BY JOHN HRYNIUK

CIOs can play a major role in boosting their companies’ “privacy scores.”
Because customer data resides in databases, it is the CIO who is in the
position to suggest certain privacy policies and spearhead programs to put
them into action. CIOs who work for companies with strong track records in
this area say there are a number of ways IT can be used to enhance a
company’s privacy reputation. These corporate pioneers make sure privacy is
part of every executive discussion about new products, services or internal
use of customer information. And they ask their customers how they want their
personal information handled. Furthermore, while most large companies offer
an opt-out feature for customers who do not want their personal information
used for marketing purposes or research (although even that feature is often
hidden in the fine print of privacy policies), the pioneers routinely adopt
opt-in, rather than opt-out, policies. And they have found that these
practices help their companies improve customer relationships, ultimately
contributing to a better bottom line.

“That’s  the  real  benefit  of  this,”  says  Charles  Giordano,  associate 
director  of  privacy  marketing  strategy  at  Bell  Canada  and  former 
associate  director  of  data  governance  and  strategy.  “Opt-in  and 
other  privacy  controls  force  you  to  look  at  the  business  value  rather 
than  just  accessing  customer  information  for  information’s  sake.” 

Bell  Canada  and  other  privacy  pioneers  also  give  customers 
access to their personal data and closely monitor which employees
have access to that data. They say privacy must be ingrained
in the corporate culture, which includes nonstop education, making
it a part of employee performance reviews and enforcing
meaningful  punishments  for  not  adhering  to  privacy  policies. 

“Times have changed,” says Alan Westin, head of Privacy & American Business.
“If you are the CIO, you have to go to the boss and say, ‘It isn’t like the
old days. Unless we spend more money and more time on data security, our
customer trust and reputation can go down the toilet.’”

Protecting  Customer  Data:  A  Cost/Benefit  Analysis 

Privacy policies that strictly protect customers’ personal data may
seem draconian, almost a noose around companies that rely on mining
their customer data to better target new products and services, or
that make a few bucks in selling lists to other companies. But good
privacy policies are not dams. They are more like finely tuned control
valves that direct the flow of information where customers—along with
company executives—want it to flow for the best outcome.

That’s why good privacy practitioners follow the first rule of valuing
the information they have—figuring out what the information is worth
to them in helping meet specific goals, be it better health or more
revenue—versus protecting that information so that others cannot view
or abuse it. That’s the balancing act John Glaser, CIO at Partners
Healthcare System in Boston, was faced with when developing the
health-care organization’s intranet. All health-care providers who
have privileges at Partners’ eight hospitals and medical centers and
the administrative and clinical staffs (37,000 in all) have access to
the intranet to check the electronic medical records of patients.
Glaser knew the intranet must protect patients’ records from
unauthorized users, as well as from


Do  You  Know  Where  Your  Customers'  Personal  Information  Is? 

As  the  guardians  of  data,  CIOs  need  to  know  where  all  that  treasure  is  hidden 


As CIO, you may think that you know where the company has stored all
the personal data of its customers. But the privacy experts interviewed
for this article say that is very unlikely. “You’d be surprised how
many CIOs don’t know where all the personal information resides,” says
Larry Ponemon, founder and chairman of the Ponemon Institute.

So a good place to start in building a sound privacy framework is to
find out what personal data you have on customers and where it is
stored, says Tess Kolczek, chief privacy officer at E-loan. That
requires discussions with the heads of each business unit and possibly
midlevel managers to find out exactly what has been squirreled away in
hard-to-find files and databases. Such discussions can unearth the
hidden troves of data that could create a privacy breach for the
business if accessed by someone not authorized to do so.

Once you find the data, a good practice to follow is to classify it
into three categories, Ponemon says: first, highly sensitive, which if
accessed or abused could lead to a lawsuit or identity theft (names,
addresses, Social Security and credit card numbers, medical
information); second, somewhat sensitive, which if released could
embarrass individuals or be used to discriminate against them (life
events such as anniversaries and birthdays); and third,
not-so-sensitive, which cannot harm any individual (usually aggregate
data). The categories will let you know what security and privacy
protections you should put in place; the more sensitive the data is,
the stricter the measures.

It’s also important for CIOs to know how personal information flows
throughout the company and outside to third parties with whom the
company has signed service contracts. At E-loan, Kolczek says she
conducts a data flow audit, a chart that shows where the data enters
the system, how it flows to other parts of the company and how each
group uses the information.

“You don’t have to know everyone’s job intimately,” she says, “but you
need to know what each group does with the information and how it
transfers it out.”

-A.H. 


68  MARCH  15,  2006  |  www.cio.com 




Data  Security 


health-care providers who should not be looking at the records, but he
also knew the records had to be easily accessed and immediately
available so that doctors and other health-care providers could
administer the best care in an emergency.

As a result of that value analysis, Partners’ intranet does not have a
complicated identity management application that controls access to
patient records. When a health-care provider or administrator signs
onto the intranet to check a patient’s health record, the user must
provide her name and relationship to the patient, whether she is the
patient’s personal physician, attending nurse or lab technician.
However, there is no electronic means to verify the provider’s identity
through a password or some other second-factor identification.

“Technically,  we  have  never  been  able  to 
figure  out  how  to  do  that,”  Glaser  says,  or  at 
least  how  to  do  it  in  a  way  that  would  not 
hamper  providing  health  care  for  patients. 

Glaser says when a patient comes in to the ER because he suffers from,
say, cardiac arrest, and other complications are found, such as a
malignant tumor, specialists have to be consulted immediately. “You
are smothered with people, and you’d better be smothered with people,”
Glaser says. “We have no idea who has been called in to consult on a
patient. We have to protect privacy, but we don’t want to
unintentionally shut out a provider that can give the proper care now.”

When immediate access isn’t such a high priority, and personal
information is handled by a wider set of people, a more strict value
set should be applied. At health researcher I2B2—which stands for
Informatics for Integrating Biology and the Bedside, a federally funded
research program at Partners HealthCare System—doctors are developing
a protocol that requires asking the permission of people before
collecting their DNA. In addition, researchers must follow a defined
process for accessing patients’ health records and then comparing
their DNA to the medical histories to find links and causes for genetic
diseases, along with possible treatments.

Because such information could be so readily abused (employers could
conceivably refuse employment to people with a certain genetic makeup,
for instance) the value bar researchers must clear to access such
information has to be higher. “The investigators allowed to see this
genetic data are also required to sign contracts saying they will not
share the data with anyone,” says Dr. Shawn Murphy, principal
investigator at Massachusetts General Hospital and a founder of I2B2.

Find  Out  What  Your  Customers  Want 

One of the best ways to place a value on personal information is to let
the customer decide the value of it. That might seem counterintuitive,
but it works for E-loan, an online provider of mortgages and car and
personal loans. E-loan has built its reputation on providing strict
privacy policies. On its website, E-loan states it has “Lending’s
strictest privacy policy.”

In its online home equity and car loan application forms, E-loan asks
customers if they want to opt out of sending their application to an
overseas third-party processor. If they opt out, E-loan sends the
application to a domestic processor. Unlike many other loan companies,
E-loan asks customers for permission before it shares personal
information with other lenders—an opt-in policy. E-loan also allows
customers access to their personal data to correct errors.

“Opt-in  is  where  the  value  is,”  says  Tess 
Kolczek,  chief  privacy  officer  for  E-loan. 
“That’s  where  you  get  a  better  return.” 

Ponemon recommends asking customers directly what information of
theirs would be a problem if it got into the wrong hands. There are the
obvious answers: Social Security numbers, credit card numbers, driver’s
license numbers, medication information and addresses. CIOs understand
the privacy implications of releasing that kind of information. But
CIOs might not view other information as sensitive, even though
customers do. This information could include life events such as the
birth of a child, anniversaries and birthdays, a job change or change
in marital status. Companies may use such information to send out
e-mail pitches associated with these events to promote a product or
service, irritating customers or violating their own privacy policies.

The answers customers provide will give CIOs the information they need
to categorize personal data as highly sensitive, somewhat sensitive or
nonsensitive. Appropriate protections and policies can be developed
for each category, with stricter security and privacy policies for the
most sensitive, and less restrictive for the not-so-sensitive
information. “This helps build trust,” Ponemon says.

Once values are established for different kinds of personal data, the
CIOs we talked to had specific processes that employees were required
to follow to make sure the data is not misused or accessed
inappropriately. At Boston’s I2B2, researchers are required to go
through the patient’s health-care provider to obtain a patient’s
consent for information that is not in the medical record, such as DNA.
Researchers are not allowed to contact the patient directly. The data
is then encrypted before it is sent out to researchers.

Still, once the data is released, there is no safeguard (other than the
researchers’ professional word and fear of sanctions for violating the
Health Insurance Portability and Accountability Act) that the data will
not be released to third parties, such as pharmaceutical or insurance
companies. “It comes down to only giving these things to people you
trust,” Dr. Murphy says.

The same precautions the health industry follows can be employed in
other industries. Bell Canada’s Giordano developed a list of privacy
questions marketing managers at the telecom company must check off when
new services and products are being developed and readied for
marketing. Marketing managers must provide answers to questions such as
how the personal data will be collected, with whom they will share the
data, how the information will be stored and for how long. Giordano and
sometimes a regulatory officer at the company go over the answers, and
if any answers to the questions violate privacy policies or laws,
Giordano works with the managers to rework the service to make sure the
privacy policy is followed.

Unlike privacy officers in U.S. companies, Giordano has a big stick to
wield. In 2001, Canada passed a strict privacy law, which sets rules
for how companies can collect, use or disclose personal information.
For example, data can be stored only for however long it is needed, not
indefinitely. The law also gives Canadians the right to access and
request correction of personal information. Companies cannot share
information among affiliated companies unless they obtain permission
first from customers.

Selling  Privacy  Internally 

Still, Giordano says Bell Canada’s marketing department was reluctant
at first to discuss with company executives who oversee privacy the
kind of personal information they had and how they intended to use it,
fearing that they might be prohibited from continuing certain marketing
practices. So Giordano approached the marketing managers with the idea
that he was trying to find ways to protect privacy but not necessarily
say no to the use of this data. For example, Bell Canada collects
customer consents for its four primary services—wireless, DSL,
satellite broadcasting and wireline. In other words, a customer gives
the company permission to discuss marketing opportunities with them for
any or all of these four services. An onscreen prompt reminds reps what
they can and cannot discuss with customers who call in.

“The  approach  should  be:  If  you  give  us  more  information, 
we  can  help  you  with  what  you  are  trying  to  do  within  the  bounds 
of  the  law  and  our  privacy  policy,”  Giordano  says. 

There’s much more that companies can do to make privacy a top priority
among employees. At Partners Healthcare, the staff sees posters in the
halls and elevators that remind them of the HIPAA regulation requiring
them not to discuss patient data in public. E-loan’s Kolczek recommends
that CIOs build a strong relationship with their marketing departments
to keep them informed on new privacy laws, citations and how a new
marketing practice may violate the privacy policy. “It can be a
love-hate relationship,” she admits. “But marketing knows if something
is done wrong, our relationship [with the customer] is at stake.”

Recently, Kolczek had to convince the marketing department that
installing third-party adware on E-loan’s website that could track a
visitor’s viewing habits was something she felt violated E-loan’s
promise to protect customers’ privacy. Marketing agreed not to install
the software, she says.

The  Carrot-and-Stick  Approach 

At  Bell  Canada,  educating  employees  about 
privacy  includes  managers  reviewing  the 
company’s  privacy  policy  and  code  of  ethics 
with  each  employee  during  a  performance  review  and  discussing 
the  rules  governing  use  of  data,  access  and  disclosure  of  data,  and 
how  that  relates  to  the  person’s  job  function.  The  more  access  an 
employee  has  to  customers’  personal  data,  the  more  time  the 
manager  spends  on  the  review.  Employees  then  are  asked  to  sign 
a  document  pledging  they  understand  the  policies. 

And, of course, all of these companies monitor who accesses customers’
personal data. At Bell Canada, a rep who accesses a customer account
without that customer having called in may be flagged for review. In
addition, the company controls access to customer data on a
need-to-know basis. Almost all access to personal data is limited to
those employees who have direct contact with the customer. Giordano is
working with Bell Canada’s CIO to develop an application that pops up a
message warning employees if they access information they should not.
If the employee proceeds, the CIO and appropriate manager will be
alerted.
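
The monitoring rule described above (flag a rep who opens a customer account when that customer has not called in, and limit access to staff with direct customer contact) amounts to correlating two logs. The Python below is an added illustration, not Bell Canada's application; the record layouts, role names and 15-minute wrap-up allowance are assumptions, and the sample records are constructed.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: inbound calls as a call-center system might log them.
CALLS = [
    {"customer": "C100", "start": "2006-03-15T09:00:00", "end": "2006-03-15T09:12:00"},
    {"customer": "C200", "start": "2006-03-15T10:30:00", "end": "2006-03-15T10:41:00"},
]

# Constructed sample data: account-access events from the customer database.
ACCESSES = [
    {"employee": "rep01", "role": "call_center_rep",
     "customer": "C100", "time": "2006-03-15T09:03:10"},   # during the call
    {"employee": "rep01", "role": "call_center_rep",
     "customer": "C100", "time": "2006-03-15T09:20:00"},   # wrap-up after the call
    {"employee": "rep02", "role": "call_center_rep",
     "customer": "C300", "time": "2006-03-15T11:00:00"},   # customer never called
    {"employee": "rep02", "role": "call_center_rep",
     "customer": "C200", "time": "2006-03-15T14:00:00"},   # hours after the call
    {"employee": "mkt07", "role": "marketing_analyst",
     "customer": "C200", "time": "2006-03-15T10:35:00"},   # no customer-contact role
]

# Assumptions: which roles have direct customer contact, and how long after a
# call ends a rep may still legitimately be finishing work on the account.
CUSTOMER_FACING_ROLES = {"call_center_rep"}
GRACE = timedelta(minutes=15)


def parse_ts(text):
    """Parse an ISO-8601 timestamp (all sample times share one time zone)."""
    return datetime.fromisoformat(text)


def build_call_index(calls):
    """Per customer: call start times (sorted) and the running maximum end time.

    The running maximum lets one binary search answer "did any call that
    started before this moment still cover it?", even if calls overlap.
    """
    by_customer = defaultdict(list)
    for call in calls:
        by_customer[call["customer"]].append(
            (parse_ts(call["start"]), parse_ts(call["end"])))
    index = {}
    for customer, intervals in by_customer.items():
        intervals.sort()
        starts, max_ends, running = [], [], datetime.min
        for start, end in intervals:
            running = max(running, end)
            starts.append(start)
            max_ends.append(running)
        index[customer] = (starts, max_ends)
    return index


def covered_by_call(index, customer, when, grace=GRACE):
    """True if the customer had a call in progress (or just ended) at `when`."""
    if customer not in index:
        return False
    starts, max_ends = index[customer]
    i = bisect_right(starts, when)          # calls that started at or before `when`
    return i > 0 and max_ends[i - 1] + grace >= when


def review_accesses(accesses, calls, grace=GRACE):
    """Return the access events that should be queued for review, with reasons."""
    index = build_call_index(calls)
    flagged = []
    for event in accesses:
        reasons = []
        if event["role"] not in CUSTOMER_FACING_ROLES:
            reasons.append("role has no direct customer contact")
        if not covered_by_call(index, event["customer"], parse_ts(event["time"]), grace):
            reasons.append("no inbound call from this customer around access time")
        if reasons:
            flagged.append({**event, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for item in review_accesses(ACCESSES, CALLS):
        print(item["time"], item["employee"], item["customer"], "; ".join(item["reasons"]))
```

A flag here means "queue for review", as in the article, not proof of misuse; outbound callbacks and back-office work would need their own allowances.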

If someone in the company does violate the data use policies, company
privacy experts say action must be swift and appropriate to the
violation. At companies interviewed for this article, punishments
ranged in severity from reprimands and transferring an employee to a
less sensitive job to dismissal.

As these examples illustrate, there is much that CIOs can do to take a
proactive stance on privacy. The last thing their companies want is to
be a sitting duck for the kind of disaster that tarnished CartManager’s
reputation. After the FTC citation, CartManager was sold to a new
owner, Vision Bank Card, which immediately instituted a stronger
privacy policy. The policy now explicitly states that no customer
information will be sold to third parties. The FTC also ordered
CartManager to provide “a clear and conspicuous disclosure” that
consumers are entering their credit card and other personal information
on CartManager’s website, not the original merchant’s website.

“We’ve changed our policy,” Hill says. “We now take privacy very
seriously.”


Washington Bureau Chief Allan Holmes can be reached at aholmes@cio.com.


“The perception of how well a company manages privacy has quite an
astounding impact on its sales.”

-LARRY PONEMON, CHAIRMAN OF THE PONEMON INSTITUTE




View  from  the  Top 


Tom Oreck, president and CEO of Oreck Corp., says the hurricane exposed
the weak links in the company’s telecommunications network.


The  CEO  of  Oreck  Corp.  credits 
quick  thinking  by  employees 
(including  his  VP  of  IT)  for  a 
speedy  recovery  from  the 
hurricane.  After  all,  the  systems 
don’t  run  themselves. 

BY  STEPHANIE  OVERBY 


JUST BEFORE HURRICANE KATRINA MADE landfall last Aug. 29, Tom Oreck,
president and CEO of cleaning products manufacturer and retailer Oreck
Corp., took off from New Orleans on a plane bound for Houston. With him
were his wife, his three kids (all under age 5), his dog and his
company’s backup tapes. When he touched down, he FedExed the tapes to
the company’s backup data center in Boulder, Colo., and began piecing
his company back together.

Oreck’s headquarters are in New Orleans, and the company also has a
375,000-square-foot manufacturing plant and call center based in Long
Beach on the Mississippi Gulf Coast. Though the company was back in
operation 10 days after the hurricane (and now, more than six months
later, has resumed normal operations), its disaster recovery




PHOTOGRAPHY  BY  JACKSON  HILL 




“Everything is—like it or not—linked. And so a breakdown anywhere in IT
is a breakdown everywhere.”

-Tom Oreck


plan was severely tested by the storm. The experience taught Tom Oreck
some critical lessons about the role of IT in business continuity.
First of all, in today’s networked environment, when one IT system
breaks down, they’re all down, for all intents and purposes. Second,
the public telecommunications system cannot be counted on. And lastly,
although a good business continuity plan is essential, recovery from a
disaster depends on what Oreck calls “aggressive improvisation” by
employees.

The company owes its existence to improvisation. When Oreck’s father
David first tried to sell his lightweight, heavy-duty vacuum cleaner in
the 1960s, he had

Oreck Corp.

Headquarters: New Orleans
Industry: Manufacturing
2004 revenue: $190 million (estimated)
Employees: 1,200 (approximately)
IT executive: Mike Evanson, VP of IT


trouble marketing the product through department stores, which were the
traditional channel of distribution. So the elder Oreck went straight
to the consumer, turning the fledgling Oreck Corp. into a direct
marketing company. Back then, Oreck’s systems consisted of a few
telephones, typewriters and invoices to be filled out in triplicate.

Four decades later, with estimated annual revenue of $190 million
(Oreck doesn’t publish its revenue), the midmarket company has 450
retail stores and an expanded product line (it now sells cleaning and
air-purification products too). And its IT needs are complex. The
direct marketing side of the business lives or dies by its data.
Manufacturing depends on supply chain and logistics systems. Customer
service needs its call centers.

Tom Oreck and his CFO approve all major IT investments. Nevertheless,
Oreck is hard-pressed to name the applications that keep the company
running smoothly (aside from that expensive ERP system he recently
approved). He is less interested in the systems themselves than in the
business results they deliver—or don’t. “Our business is about three
things. It is about marketing. It is about controlled, aligned
distribution. And it is about quality, both in the product and in
customer service,” says Oreck.

“IT’s  role  is  to  support  those  three  things.  And  as  we 
continue  to  develop,  IT’s  job  is  to  make  sure  that  the 
information  that’s  needed  is  in  the  form  it’s  needed  in,  and 
in  the  location  it  needs  to  be  in,  for  people  to  be  able  to 
accomplish  their  jobs.” 

CIO: What surprised you most about IT’s role in the company’s recovery
after Hurricane Katrina?

Tom Oreck: Communications was a major issue. That was a complete
surprise. The first challenge we had was that we could not find people
because the cell phone systems came down. The cell phone systems, as
far as I’m concerned, have a fundamental design flaw: Every call is
routed back through your area code, and if those towers go down, your
cell phone does not work. That’s absurd in




“In  a  crisis,  you  make  decisions  quickly.  There’s 
no  reason  that  cannot  be  applied  to  business  as 
normal.  I  don’t  want  my  VP  of  IT  making  rash 
decisions.  But  I  want  him  to  accumulate  all  the 
facts,  make  a  decision  and  move  on.” 

-Tom  Oreck 


today’s world. We ultimately found a lot of our employees through text
messaging.

Cell phones weren’t the only problem. Having transferred our backup
data software from New Orleans to our hot site in Boulder, and our call
center from Long Beach, Miss., to Phoenix and Denver (per Oreck’s
disaster recovery plan), we were up and running again within five days.
But we could not communicate with our Long Beach manufacturing site for
14 days. We expected that there would be problems with connectivity,
but it was more of a hardship than we had recognized.

In the end, everything is—like it or not—linked. And so a breakdown
anywhere in the system is a breakdown everywhere in the system.

How important was your relationship with suppliers and vendors in
getting Oreck back online?

IBM [which provides Oreck’s data center services] provided support in
areas that we never thought of and weren’t even in our contract. For
example, more than 250 of our employees lost their homes and all their
possessions. IBM provided access to trauma [counselors]. They also
helped us set up insurance and claims assistance for employees. It
wasn’t contractual. But we had a good working relationship with IBM
before this happened, and this was an extension of that.

We  also  called  on  our  relationship  with  UPS.  We’re  a 
big  customer.  With  no  connectivity  in  our  Long  Beach 
facility,  we  could  no  longer  distribute  our  own  products. 
Mike  Evanson,  our  VP  of  IT,  and  Candy  Mauffray,  our 
director  of  logistics,  worked  out  a  solution:  UPS  would 
truck  in  food  and  water  to  our  employees  in  Mississippi 
and  then  leave  with  Oreck  products  that  it  could  ship 
from  its  facility  in  Atlanta. 

We were able to get our distribution systems operating in their
facility. Normally that would have taken six to eight weeks, but they
worked very hard with us to get them operating within a few days. For a
while, when a customer would call Oreck, the call would be routed to
our backup call center in Phoenix or Denver; the order would go to our
backup computer operations in Denver, and then it would go to UPS in
Atlanta, where the shipping label would be printed and the product
would be sent out the door.

We always knew these relationships were important. Being located where
we are, we have the occasional [hurricane] scare. We implement the
disaster recovery plan and come back online. But this time we couldn’t
come back by ourselves.

In  November,  you  and  your  executive  team  rewrote 
your  disaster  recovery  and  business  continuity 
plans.  What  changed? 

We  did  a  lot  of  things  right.  But  there  were  a  lot  of  things 
we  didn’t  know  then  that  we  can  now  take  into  account. 

The one thing that we did not expect was not to have one facility
or the other to operate from. We always thought that in a
worst-case scenario, we could set up assembly lines in New
Orleans. Or if something happened in New Orleans, we could operate
out of Long Beach. So now we’re talking about the need for
additional manufacturing options.

We came up with solutions to prevent communications issues in the
future. We’re making an information card for every employee that
has two telephone numbers on it that will be activated in the
event of a disaster. One number is where they can be reached, so
they can leave their location, and the other will be the number
for a daily 8 a.m. conference call, beginning the day after the
disaster.

But  I  think  the  most  important  thing  we  learned  is  that, 
no  matter  how  good  your  plans  are,  things  happen  that 
you  didn’t  anticipate.  What  really  saves  the  day  is  what  I 
would  call  “aggressive  improvisation.”  That  means  that 
people  look  at  a  problem  and  do  whatever  it  takes  to  solve 
it.  Our  people  found  ways  to  make  things  happen. 




MARCH  15,  2006  |  www.cio.com 


Has  your  experience  of  the  past  few  months 
changed  your  view  of  IT  in  any  way? 

That’s an interesting question. I’m not sure about IT
specifically. But I will tell you that my view of the
decision-making process in general has been altered. In a crisis,
you find a way to make business decisions more quickly. There’s no
reason that cannot be applied to business as normal.

As business grows, or any department in a business—such as
IT—grows, decision making tends to slow down, and your ability to
be nimble diminishes. You start embedding all this bureaucracy in
things. Everything gets studied and studied some more, and
eventually something gets decided. We have to trust that we’ve
hired good people and empower those people to make decisions
without having to jump through bureaucratic hoops, and that
includes IT. That doesn’t mean I want my VP of IT or anyone else
making rash, uninformed decisions. But I want him to accumulate
all the facts, make a decision and move on.

Historically, the most frustrating thing for me has been the
disconnect between expectation and reality. For a non-technical
person like me, you see all of these fancy software packages that
look like they will do everything for you but brush your teeth.
But in reality there is no such thing as an easy software
installation. Years ago, we had a point-of-sale project that came
completely unglued. I had to pull the plug on it.

My experience lately has been better because my VP of IT, Mike
Evanson, is grounded in reality. He is an expert, not just on the
technical side but on the management side. Everyone wants to point
the finger at IT when something goes wrong, but the business users
have to take ownership. IT is responsible for finding the right
solutions and making sure they function well, but they’re not
responsible for the business process. Mike is not just a
programmer or someone who implements software. He’s a businessman
who happens to be in IT. He can manage the relationship between IT
and its customers.

I’m always cautiously optimistic about what IT can do. But it’s
important to recognize that IT is an enabler of business process.
And it is an enabler of business objectives. It is not, in and of
itself, the solution.


Senior  Editor  Stephanie  Overby  can  be  reached  via  e-mail  at 
soverby@cio.com. 


Listen In

To hear more of Senior Editor Stephanie Overby’s interview with
Tom Oreck, go to www.cio.com/podcasts and download the podcast.




“Leadership should be more participative than directive,
more enabling than performing.”
Mary D. Poole


May  8-10,  2006 

The  Charles  Hotel,  Cambridge,  Massachusetts 


Get  together  with  key  thinkers,  leading  CIO  practitioners  and  members  of  the  CIO 
Executive  Council  to  focus  on  sessions,  tools  and  counsel  that  help  you  address  the 
unique  leadership  challenges  CIOs  face: 

How to ...


be  embraced  as  a  business-savvy  member  of  the  senior  management  team. 

be  respected  by  a  technically-savvy  IT  staff. 

keep  abreast  of  technology  trends  that  show  promise. 

visualize  and  apply  technology  where  it  will  most  benefit  the  business. 


Keynote  Sessions: 

The  Unique  Leadership 
Challenges  of  the  CIO 
Warren  McFarlan,  Professor 
Emeritus,  Harvard  Business  School 

CIOs have unique challenges balancing the demands of the business
with the capabilities of technology. The CIOs must be both a
corporate and an IT leader. McFarlan also talks with a CEO about
the criteria for measuring a CIO’s leadership ability.


Leadership  of  the  New  Distributed 
&  Global  IT  Workforce 

Business in today’s global economy demands 24/7 attention. New
technologies and a global IT organization make it possible to get
the work done. As more types of IT work are outsourced, CIOs and
IT staffers alike need different skill sets. We look at approaches
to overcoming some of the challenges they face.


Closing  Address:  Leadership 
&  Ethics  —  Defining  Moments 

Joseph  L.  Badaracco,  Author  and 
Professor  of  Business  Ethics, 
Harvard  Business  School 

“Defining  moments”  occur  when 
work  choices  and  life  choices 
become  one.  Badaracco  examines 
the  right-versus-right  conflicts  that 
every  leader  faces  and  presents 
an  unorthodox  yet  practical  way 
for  you  to  think  about  and  resolve 
them. 


CIO  Concurrent  Workshop  Sessions: 


Focus  on  the  Future 
Section  A.  External  Focus: 

“Getting  Ahead  of  the  Puck” 

According to hockey great Wayne Gretzky, the secret to success is
not knowing where the puck is — but where it’s going to be. How
you can better understand the many external forces impacting your
organization — and anticipate what your business and IT needs
will be.

Section  B.  Internal  Focus:  Getting 
in  Lock-Step  with  the  Business 

Whether you call it alignment or convergence, a close relationship
between IT and the lines of business makes for a more efficient
organization. We talk about some of the new thinking, tools and
best practices to get your organization working in harmony.

Focus  on  Planning  and  Execution 
Section  A.  Risk  Analysis/Business 
Continuity  &  Crisis  Management 

Analyzing and balancing risk on an enterprise level is the only
way to manage a corporation in our highly distributed and
interconnected world. How can you make better business decisions
and improve how you handle predictable risks, business continuity
needs and crises?

Section  B.  Project/Portfolio/Business 
Process  Management 

Limited resources must be funneled to initiatives with strategic
fit and best payback potential. Application backlog is rated the
number one hurdle for CIO success. It is important to have a clear
strategy for governing, prioritizing and rationalizing IT/business
investments. CIOs share their experience in this workshop.

Focus on the “Soft” Skills
Section  A.  Talking  the  Talk  with 
Senior  Management:  The  Arts  of 
Education,  Communication  and 
Persuasion 

CIOs are always looking for help in communicating more effectively
with the other C-level executives and the Board. In these
sessions, we look at how leading CIOs in several industries got
comfortable talking the talk.

Section B. Getting Street Cred: What Does the IT Staff Really Want
(and Need) from the CIO?

Leading  an  IT  staff  has  its  own  peculiar 
challenges.  In  these  sessions,  we  talk 
with  some  of  our  Ones  to  Watch  Award 
winners  about  how  they  view  the  CIO’s 
role  in  mentoring,  coaching,  providing 
direction  and  growth  opportunities. 

Plus:  Tuesday  Evening 

Special  General  Session,  Dinner 
and  Presentation  of  CIO  Magazine’s 
2006  Ones  To  Watch™  Awards 

as  we  recognize  the  next  generation 
of  IT  leaders. 


“Leadership is action,
not position.”

Donald H. McGannon


The  CIO  Leadership 
Conference  is  proudly 
underwritten  by 

amdci  ®Sun. 

microsystems 


Official Host Sponsors

BlackBerry
iRise
Red Hat
Symantec


Presented  by 
CIO  Magazine  in 
conjunction  with  the 
CIO  Executive  Council 



Register  now  for  this 
one  of  a  kind  event! 




Visit  http://www.cio.com/conferences  by  March  31st 
and  take  advantage  of  our  “early  bird”  pricing  of  $300 
off  the  full  registration  fee.  Or  call  our  conference  office 
at  800-355-0246  for  more  information. 




SALES  AND  SERVICES 


CIO  SALES  OFFICES 
President  and  CEO 

Michael  Friedenberg 
508  935-4310 

Publisher 

Gary  J.  Beach  •  508  935-4202 

EAST  COAST 

VP  Sales,  East 

Bob  Bragdon  •  508  935-4443 

Regional  Sales  Director 

Kathy  Powers  •  201 634-2331 

Regional  Sales  Manager 

Ellie St. Louis • 201 634-2332
Senior  Sales  Associate 

Rhonda  Goodman 
201 634-2329 
Fax  •  201 634-9513 

NEW  ENGLAND 

Senior  District  Sales  Manager 

Andrew  Flaney  •  508  935-4586 
Sales  Operations  Manager 

Dawn  Cora  •  508  935-4092 
Fax  •  508  879-6063 

NORTH  CENTRAL 

Regional  Sales  Manager, 
Southwest 

Beth  DeVillez  •  847  759-2727 
Advertising  Sales  Associate 

Kim  Giovanni  •  847  759-2728 
Fax  •  847  759-2729 


WEST  COAST 

VP  Sales,  West 

Bob  Melk  •  415  975-2685 

Senior  Regional  Sales 
Manager 

Ai  Collins  •  415  975-2686 

Regional  Sales  Manager 

Kevin  Ebmeyer  •  415  975-2684 

Account  Executive 

Derek  Jung  •  415  975-2683 
Fax  •  415  543-2358 

Senior  Account  Executive 

Sara  Mascall  •  415  978-3385 

Ad  Sales  Associate 

Devon  Slattery  •  415  975-2687 

SOUTHERN  CALIFORNIA 

Regional  Sales  Manager 

Kevin  Ebmeyer  •  415  975-2684 

ONLINE  SERVICES 
VP,  Integrated  Media 
and  Online  Sales 

Jim Alla • 508 988-6763

Western  Online  Sales  Manager 

Jennell Hicks • 415 243-8585

Online  Account  Executive 

Danielle  Tetreault 
508  988-7969 

Online  Sales  Administrator 

Anne  Butera  •  508  988-6823 


CUSTOM 
PUBLISHING 
VP  of  Program 
Development,  IDG 

Charles  Lee  •  212  867-1229 

VP,  Integrated  Media 
and  Online  Sales 

Jim Alla • 508 988-6763

Director 

Mary  Gregory  •  508  988-6765 

Executive  Editor  and  Director 
of  Operations  Tom  Field 
Director,  Integrated  Project 
Management  Mo  Barrett 
Managing  Editor  Jim  Malone 
Senior  Project  Manager 
Amy  Greenleaf 
Project  Managers 
John  Danielowich, 

Jon  Fleinrich 

LIST  SERVICES 

Contact  Paul  Capone  of  IDG 
List  Services  at  508  988-7537 
or  pcapone@idglist.com. 

REPRINT  SERVICES 

For  article  reprints  (100 
quantity  or  more),  please 
contact  Jennifer  Eclipse  at 
PARS International at 212 221-9595
x237 or via e-mail at
jeclipse@parsintl.com.


CIO  is  published  in  the 
U.S.  as  well  as  in: 

Australia,  CIO  Australia 

www.idg.com.au 

Canada,  CIO  Canada 

cio.itworldcanada.com 

China,  CEO  &  CIO  China 

www.ceocio.com.cn 

France,  CIO  France 

www.idg.fr/cio 

Germany,  CIO  Germany 

www.cio.de 

India,  CIO  India 

91-80-521-0309/12 

Japan,  CIO  Japan 

www.idg.co.jp 

The  Netherlands, 

CIO  Netherlands  www.cio.nl 
New  Zealand,  CIO  New  Zealand 
www.idg.co.nz 
Norway, 

CIO  Business  Standard 
www.business-standard.no 

Poland, 

CXO  Poland  www.cxo.pl 

Singapore, CIO ACEN/
Hong Kong www.idg.com.sg
South  Korea,  CIO  Korea 
www.cio.seoul.kr 
Sweden,  CIO  Sweden 
www.cio.idg.se 

For  further  sales  information: 

www2.cio.com/marketing/ 

aboutcio/contacts.cfm 



CIO  CONTACT 
INFORMATION 

Editorial,  Advertising  and 
Business  Offices:  CXO  Media  Inc., 
492  Old  Connecticut  Path,  P.O. 
Box  9208,  Framingham,  MA 
01701-9208,  508  872-0080. 

CIO (ISSN 0894-9301) is published semimonthly and as a combined
issue Dec. 15/Jan. 1 by CXO Media Inc. Periodicals postage paid at
Framingham, MA, and at additional mailing offices. Canada
Publications Mail Agreement Number 1902075. CANADIAN POSTMASTER:
Please return undeliverable copy to P.O. Box 1632, Windsor, ON
N9A 7C9.

Permissions: Copyright 2005 by CXO Media Inc. All rights reserved.
Reproduction of material appearing in CIO is forbidden without
written permission. Send all requests to Yadira Pizarro, PARS
International, 212 221-9595, Ext. 231, or yadira@parsintl.com.

Photocopy Rights: Permission to photocopy for internal or personal
use or the internal or personal use of specific clients is granted
by CIO for users through the Copyright Clearance Center, provided
that the base fee of $3 per copy of the article, plus $.50 per
page is paid directly to Copyright Clearance Center, 27 Congress
Street, Salem, MA 01970. Please specify: ISSN 0894-9301.
Permission to photocopy does not extend to contributed articles
followed by this symbol:

Subscriptions: CIO is free to qualified information executives. To
apply, use our online subscription form at www.subscribe.cio.com.
Subscriptions are also available on a paid basis at a rate of $95
for the United States and Canada, $195 International (payable in
U.S. funds only) and may be ordered online at
www.subscribe.cio.com/services.html. Or address inquiries to CIO,
P.O. Box 489, Northbrook, IL 60065-0489; 866 354-1125. Please
allow four to six weeks for a new subscription to begin. The
single copy price is $9 for the United States and Canada, and $15
International. Prepayment is required, payable in U.S. funds.

Change  of  Address:  Please  go  to 
www.omeda.com/custsrv/cio 
and  follow  the  online  instructions. 

Postmaster:  Send  change  of 
address  to  CIO.  P.O.  Box  489, 
Northbrook,  IL  60065-9816. 
Printed  in  the  U.S. A. 






The Good Worms

What  if  Symantec,  McAfee  and 
other  companies  dedicated  to 
battling  computer  viruses  and 
worms  simply  stopped  playing 
defense  and  got  creative?  Instead 
of  trying  to  block  the  spread  of 
malicious  code,  why  not  start 
producing  beneficial  bugs  that 
dramatically  improve  our  lives? 


VIRUS NAME: Responsive.exe
ATTACKS: E-mail
WHAT IT DOES: Finds e-mail messages that you never responded to (but should have) and crafts thoughtful and grammatically correct replies
COMMENTS: If left untreated, virus will start shopping online for tasteful holiday gifts

VIRUS NAME: I.Have.A.Life Worm
ATTACKS: Networked calendar software
WHAT IT DOES: Locates meetings scheduled at inappropriate times (before 8 a.m. and after 6:30 p.m.) and reschedules them during normal working hours
COMMENTS: Orders doughnuts and coffee for all other meetings

VIRUS NAME: W32/PhotoShop
ATTACKS: Digital photo files of all formats
WHAT IT DOES: Alters images indiscriminately so that you appear 15 pounds lighter
COMMENTS: The W32/PhotoShop/BetterHaircut variant is self-explanatory

VIRUS NAME: Prompt-Payer
ATTACKS: E-mail
WHAT IT DOES: Not a virus, but a phishing method that entices you to visit your actual bank’s actual website, and pay your American Express and Cingular bills before a penalty is assessed
COMMENTS: A boon for your credit rating

VIRUS NAME: ShortAndSweet.exe
ATTACKS: Presentation files
WHAT IT DOES: Randomly erases eight out of every 10 slides before the presentation is delivered
COMMENTS: Targets your most verbose colleagues

VIRUS NAME: EmployeeEvaluator
ATTACKS: Word processing
WHAT IT DOES: Generates uncannily accurate performance reviews for your staff; developed by artificial intelligence experts at MIT
COMMENTS: Sample: “If Julian invested half the energy in his job that he dedicates to running the office March Madness pool....”

VIRUS NAME: CutbackReverser
ATTACKS: Spreadsheets and budgeting applications
WHAT IT DOES: Stealthily increases your quarterly budget by 5 percent
COMMENTS: More sophisticated variants also reduce other departments’ budgets by a corresponding amount to cover your tracks

VIRUS NAME: The Hangover Virus
ATTACKS: E-mail
WHAT IT DOES: Blocks e-mails you attempt to send, while drunk, to bosses, former spouses and newspaper op-ed pages
COMMENTS: A successor virus, SonOfHangover, deletes from your camera phone all incriminating photos from last night’s bender

VIRUS NAME: The MissManners virus
ATTACKS: BlackBerrys
WHAT IT DOES: Software turns the device off if you attempt to use it in inappropriate places, such as in funeral homes, at school performances or during foreplay
COMMENTS: Unfortunately, cannot prevent users from wearing the device on a swiveling belt holster



ILLUSTRATION BY BOB STAAKE




